Deeplinkshttps://www.eff.org/fr/rss/updates.xml/travel-screening
EFF's Deeplinks Blog: Noteworthy news from around the internetfrEnd Biometric Border Screeninghttps://www.eff.org/fr/deeplinks/2017/08/end-biometric-border-screening
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>This blog post was first <a href="http://thehill.com/blogs/pundits-blog/technology/342586-mistakes-misuse-and-mission-creep-biometric-screening-must-end">published</a> in The Hill on July 18, 2017.</em></p>
<p>This summer, the U.S. Department of Homeland Security (DHS) is expanding its program of subjecting U.S. and foreign citizens to facial recognition screening at international airports. This indiscriminate biometric surveillance program threatens the personal privacy of millions of travelers. DHS should end it.</p>
<p>The <a href="https://www.judiciary.senate.gov/imo/media/doc/07-12-17%20Dougherty-Wagner-Rodi%20Joint%20Testimony1.pdf">history</a> <a href="https://www.dhs.gov/sites/default/files/publications/privacy-pia-cbp030-tvs-may2017.pdf">of</a> <a href="https://www.cbp.gov/travel/biometric-security-initiatives">this</a> <a href="https://www.cbp.gov/sites/default/files/assets/documents/2016-Jun/602381%20-%20Departure%20Information%20Systems%20FACT%20SHEET_OFO%20FINAL.pdf">program</a> is a case study in mission creep. In 1996, Congress authorized automated tracking of foreign citizens as they enter and exit the U.S. In 2004, DHS began biometric screening of foreign citizens upon arrival. In 2016, DHS launched a pilot program of facial recognition screening of all travelers, U.S. and foreign citizens alike, on a daily international flight out of Atlanta’s Hartsfield-Jackson airport. In March 2017, President Trump’s <a href="https://www.whitehouse.gov/the-press-office/2017/03/06/executive-order-protecting-nation-foreign-terrorist-entry-united-states">revised travel ban</a> ordered DHS to expedite the completion of biometric entry-exit screening of foreign citizens. Today, facial recognition screening is underway for all travelers on certain international flights out of two more pilot sites: Washington’s <a href="https://www.cbp.gov/newsroom/national-media-release/cbp-deploys-biometric-exit-technology-washington-dulles">Dulles</a> airport and Houston’s Bush airport. Later this summer, DHS will expand this program to five more international airports.</p>
<p>To be clear—what began as DHS’s biometric travel screening of foreign citizens morphed, without congressional authorization, into screening of U.S. citizens, too. In the words of DHS’s recent <a href="https://www.judiciary.senate.gov/imo/media/doc/07-12-17%20Dougherty-Wagner-Rodi%20Joint%20Testimony1.pdf">testimony</a> to Congress: “U.S. citizens are not exempted from this process.” Privacy advocates have <a href="https://www.eff.org/document/fingerprints-dna-biometric-data-collection-us-immigrant-communities-and-beyond">long</a> <a href="https://www.eventbrite.com/e/the-color-of-surveillance-government-monitoring-of-american-immigrants-tickets-33895698948">opposed</a> biometric screening of immigrants. Now we also oppose the expansion of biometric border screening to cover U.S. citizens.</p>
<p>For many reasons, DHS should end its ever-growing biometric border screening program.</p>
<p>First, facial recognition is a unique threat to our privacy. Most of us display our faces wherever we go. Cameras are increasingly accurate at great distances. Facial recognition algorithms are increasingly powerful. Computer systems are increasingly interoperable. Thus, for example, an easy-to-use Russian mobile app called <a href="https://www.washingtonpost.com/news/morning-mix/wp/2016/05/18/russias-new-findface-app-identifies-strangers-in-a-crowd-with-70-percent-accuracy/">FindFace</a> allows strangers to identify each other by using facial recognition to link an ordinary phone camera to a popular social networking site. If identity thieves or stalkers target us, we can change our credit card numbers and even our names, but we cannot change our faces.</p>
<p>Second, facial recognition has significant <a href="https://www.fbi.gov/services/records-management/foipa/privacy-impact-assessments/interstate-photo-system">accuracy</a> <a href="https://www.gao.gov/assets/680/677098.pdf">problems</a>. Thus, many international travelers will be unjustly delayed and scrutinized, and scarce law enforcement resources will be wasted, due to the inevitable errors of government biometric screening systems. Worse, facial recognition error rates are <a href="http://ieeexplore.ieee.org/document/6327355/?reload=true&amp;tp=&amp;arnumber=6327355&amp;url%20=http:%2F%2Fieeexplore.ieee.org%2Fxpls%2Ficp.jsp%3Farnumber%3D6327355">even</a> <a href="https://www.theatlantic.com/technology/archive/2016/04/the-underlying-bias-of-facial-recognition-systems/476991/">higher</a> for African-American travelers than for white travelers, perhaps because people of color are underrepresented in algorithmic training data. So the DHS program will have an inevitable racial disparate impact.</p>
<p>Third, data thieves might steal DHS’s biometric information. In the infamous 2015 data breach of the U.S. Office of Personnel Management, hackers absconded with the fingerprints of over <a href="https://www.washingtonpost.com/news/the-switch/wp/2015/09/23/opm-now-says-more-than-five-million-fingerprints-compromised-in-breaches/">five million people</a>. As part of its border screening, DHS plans to retain the biometric information of U.S. citizens for as long as <a href="https://www.dhs.gov/sites/default/files/publications/privacy-pia-cbp030-tvs-may2017.pdf">two weeks</a>. DHS does not rule out keeping this sensitive information even longer. DHS retains the biometric information of foreign citizens for many years. DHS processes more than 300,000 international air travelers <a href="https://www.cbp.gov/sites/default/files/assets/documents/2017-Jun/CBP-Snapshot-06012017.pdf">every day</a>. Their biometric information will be an enticing target for data thieves.</p>
<p>Fourth, government employees might misuse DHS’s reservoir of biometric data. <a href="https://www.washingtonpost.com/news/the-switch/wp/2013/08/24/loveint-when-nsa-officers-use-their-spying-power-on-love-interests/">NSA</a> and <a href="https://www.eff.org/deeplinks/2017/05/california-authorities-still-ignoring-rising-abuse-police-databases">police</a> officials alike (usually male) have abused sensitive government databases to acquire information about people (usually female) that they are romantically interested in.</p>
<p>Fifth, DHS might share with other government agencies the biometric information it seizes from travelers. Many government agencies share their biometric data with each other. For example, the FBI’s facial recognition system has access to more than <a href="https://www.gao.gov/products/GAO-16-267">400 million photos</a> held by other agencies (in addition to the FBI’s own repository of 30 million photos). Likewise, half of all adult U.S. drivers live in states whose motor vehicles agencies share their license photos with police facial recognition systems, according to a 2016 <a href="https://www.perpetuallineup.org/">study</a> by the Georgetown Law Center on Privacy and Technology. DHS’s biometric border screening system is part of this larger web of government biometric surveillance. If DHS shares its biometric data, the photographs of millions of innocent travelers could wind up in criminal justice databases.</p>
<p>Sixth, DHS might expand the ways it uses its biometric screening system. Today, DHS uses it to enforce immigration laws and ensure traveler identity. Tomorrow, DHS could try to use it to identify travelers who are wanted on outstanding warrants. Police warrant databases are <a href="https://www.nytimes.com/2016/03/29/nyregion/cleared-of-a-crime-but-hounded-by-a-warrant.html">riddled with error</a>. And they include many people sought for traffic infractions and other <a href="https://www.eff.org/deeplinks/2016/06/racial-bias-and-arrest-tech">minor offenses</a>, which should not impede anyone from flying to a family event or a work opportunity.</p>
<p>DHS recently took the <a href="https://www.dhs.gov/sites/default/files/publications/privacy-pia-cbp030-tvs-june2017.pdf">alarming position</a> that “the only way for an individual to ensure he or she is not subject to collection of biometric information when traveling internationally is to refrain from traveling.” But our government should not try to force us to abandon one of our human rights (biometric privacy) in order to enjoy another (travel).</p>
<p>It gets worse. DHS is now exploring how to subject U.S. and foreign citizens to biometric airport screening not just for international departures, but also for international arrivals and even for domestic flights, according to a recent <a href="https://www.theverge.com/2017/5/9/15591648/airport-facial-recognition-customs-tsa-biometric-exit">article</a> in <i>The Verge</i>. A DHS executive explained: “Why not look to drive the innovation across the entire airport experience? . . . We want to make it available for every transaction in the airport where you have to show an ID today.”</p>
<p>Far from expanding its system of biometric border screening, DHS should end it. At a minimum, DHS must publish clear policies to ensure that any such screening is a knowing and voluntary opt-in choice, and that border agents do not coerce or trick any traveler into surrendering their biometric privacy.</p>
</div></div></div>Wed, 09 Aug 2017 17:25:33 +0000adam96693 at https://www.eff.orgPolicy AnalysisBiometricsPrivacyTravel ScreeningEFF To Court: Border Agents Need Warrants to Search Contents of Digital Deviceshttps://www.eff.org/fr/press/releases/eff-court-border-agents-need-warrants-search-contents-digital-devices
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Whether Conducted Manually or Using Forensic Software, Cell Phone Searches Are Highly Intrusive</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal"><span>New Orleans, Louisiana—Searches of mobile phones, laptops, and other digital devices by federal agents at international airports and U.S. land borders are highly intrusive forays into travelers’ private information that require a warrant, the Electronic Frontier Foundation (EFF) said in a <a href="https://www.eff.org/document/us-v-molina-isidoro-eff-brief" target="_blank">court filing</a> yesterday. </span></p>
<p class="MsoNormal"></p>
<p class="MsoNormal"><span>EFF urged the U.S. Circuit Court of Appeals for the Fifth Circuit to require law enforcement officers at the border to obtain a warrant before performing manual or forensic <a href="https://www.eff.org/deeplinks/2017/04/bill-rights-border-fourth-amendment-limits-searching-your-data-and-devices" target="_blank">searches of digital devices</a>. Warrantless border searches of backpacks, purses, or luggage are allowed under an <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole" target="_blank">exception to the Fourth Amendment</a> for routine immigration and customs enforcement. Yet EFF argues that, since digital devices can provide so much highly personal, private information—our contacts, our email conversations, our work documents, our schedules—agents should be required to show they have probable cause to believe that the device contains evidence of a violation of the immigration or customs laws. Only after a judge has signed off on a search warrant should border agents be allowed to rifle through the contents of cell phones, laptops, or tablets.<br /></span></p>
<p class="MsoNormal"><span>Digital device searches at the border <a href="https://www.eff.org/wp/digital-privacy-us-border-2017" target="_blank"><span><u><span>have more than doubled</span></u></span></a> since the inauguration of President Trump. This increase, along with the increasing number of people who carry these devices while traveling, has highlighted the need for stronger privacy rights while crossing the U.S. border. </span></p>
<p class="MsoNormal"><span>“Our cell phones and laptops provide access to an unprecedented amount of detailed, private information, often going back many months or years, from emails to our coworkers to photos of our loved ones and lists of our closest contacts. This is light years beyond the minimal information generally contained in other kinds of personal items we might carry in our suitcases. It’s time for courts and the government to acknowledge that examining the contents of a digital device is highly intrusive, and Fourth Amendment protections should be strong, even at the border,” said EFF Staff Attorney Sophia Cope. </span></p>
<p class="MsoNormal"><span>EFF filed its brief with the U.S. Court of Appeals for the Fifth Circuit in <i>U.S. v. Molina-Isidoro. </i>In that case, Maria Isabel Molina-Isidoro’s cell phone was manually searched at the border, supporting her prosecution for attempting to import methamphetamine into the country.</span></p>
<p class="MsoNormal"><span>The Supreme Court has held that cell phones hold “<a href="https://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf" target="_blank">the privacies of life</a>,” and police need a </span><a href="https://supreme.justia.com/cases/federal/us/573/13-132/opinion3.html"><span>warrant to search the contents of a phone seized during an arrest</span></a><span>. The same principle should apply to the digital devices seized at the border, EFF told the appeals court. </span></p>
<p class="MsoNormal"><span>“Any search of data stored on a digital device, whether performed using special forensic software or conducted manually after obtaining and entering the owner’s password, provides access to a person’s entire private life,” said EFF Senior Staff Attorney Adam Schwartz.</span><span></span></p>
<p class="MsoNormal"><span>EFF is urging the court to find that the extraordinary privacy interests that travelers have in their digital devices render warrantless searches of those devices unreasonable under the Fourth Amendment. Border agents should be required to show they have sufficient cause for this immense invasion of privacy. </span></p>
<p class="MsoNormal"><span>For the brief:<br /><a href="https://www.eff.org/document/us-v-molina-isidoro-eff-brief" target="_blank">https://www.eff.org/document/us-v-molina-isidoro-eff-brief</a><br /></span></p>
<p class="MsoNormal"><span>For more about digital privacy at the U.S. border:<br /><a href="https://www.eff.org/files/2017/03/08/border-privacy.pdf" target="_blank">https://www.eff.org/files/2017/03/08/border-privacy.pdf</a></span></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Sophia</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Cope</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:sophia@eff.org">sophia@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Adam</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Schwartz</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Senior Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:adam@eff.org">adam@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Tue, 08 Aug 2017 20:57:04 +0000karen96733 at https://www.eff.orgNo Gathering Social Media Handles from Chinese Visitorshttps://www.eff.org/fr/deeplinks/2017/04/no-screening-social-media-handles-chinese-visitors
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF has joined a coalition <a href="https://static1.squarespace.com/static/5715ad13d51cd48f82ac962e/t/58f42c6dff7c502ccf3ccb32/1492397166037/2017.04.17+-+Letter+Opposing+CBP+Proposal_+Social+Media+Chinese+Visitors.pdf">effort</a>, led by Asian Americans Advancing Justice (AAAJ), to oppose the federal government’s proposal to scrutinize the social media activities of Chinese visitors. Specifically, U.S. Customs and Border Protection (CBP) <a href="https://www.federalregister.gov/documents/2017/02/21/2017-03343/agency-information-collection-activities-electronic-visa-update-system">seeks</a> to ask certain visa applicants from China to disclose the existence of their social media accounts and the identifiers or handles associated with those accounts.</p>
<p>Last year, EFF <a href="https://www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan">opposed</a> <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">a similar</a> <a href="https://www.eff.org/deeplinks/2016/10/un-joins-critique-proposed-cbp-social-media-questions">CBP proposal</a> concerning foreign visitors from countries that participate in the Visa Waiver Program (VWP). CBP finalized this proposal in December 2016.</p>
<p>Although providing social media handles would be optional and CBP promises to review social media activities “in a manner consistent with the privacy settings the applicant has chosen to adopt for those platforms,” collecting this information would still pose risks to the free speech and privacy rights of foreign travelers and their American associates. Moreover, CBP has made no showing that these intrusions on digital privacy and speech will actually do anything to advance public safety.</p>
<p>Specifically, CBP’s scrutiny of the social media activities of Chinese and VWP visitors will unmask anonymous Internet speakers, and reveal highly personal information like religious beliefs or dating preferences. CBP will scrutinize not just the online behavior of foreign visitors, but also that of the many U.S. citizens who communicate with them via social media, whether family members, friends, business associates, or other contacts. Foreign nations may retaliate and subject U.S. visitors to the same surveillance. Many people may self-censor to avoid this unwanted government scrutiny or curtail important travel to the United States.</p>
<p>These CBP proposals are part of a larger CBP effort to invade the digital privacy of travelers. At the U.S. border, CBP agents have <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans">ordered</a> U.S. citizens to disclose their social media accounts and identifiers. And CBP <a href="http://www.nbcnews.com/news/us-news/american-citizens-u-s-border-agents-can-search-your-cellphone-n732746">searches</a> the phones, laptops, and other devices of tens of thousands of travelers.</p>
<p>EFF is fighting back in the <a href="https://www.eff.org/document/us-v-kolsuz-eff-amicus-brief">courts</a> and <a href="https://www.eff.org/deeplinks/2017/04/border-search-bill-would-rein-cbp">Congress</a>, and <a href="https://www.eff.org/wp/digital-privacy-us-border-2017">teaching</a> travelers how to protect their privacy. We are proud to join AAAJ and dozens of other groups in opposing the intrusive and unnecessary social media screening of Chinese visitors.</p>
</div></div></div>Wed, 26 Apr 2017 01:09:21 +0000adam95760 at https://www.eff.orgPrivacyBorder SearchesTravel ScreeningThe Bill of Rights at the Border: Fifth Amendment Protections for Account Passwords and Device Passcodeshttps://www.eff.org/fr/deeplinks/2017/04/bill-rights-border-fifth-amendment-protections-account-passwords-and-device
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>This is the third and final installment in our series on the Constitution at the border. Today, we’ll focus on the Fifth Amendment and passwords. Click here for <a href="https://www.eff.org/deeplinks/2017/03/bill-rights-border-first-amendment-and-right-anonymous-speech">Part 1 on the First Amendment</a> or <a href="https://www.eff.org/deeplinks/2017/04/bill-rights-border-fourth-amendment-limits-searching-your-data-and-devices">Part 2 on the Fourth Amendment</a>.</p>
<p>Lately, a big question on everyone's mind has been: Do I have to give my password to customs agents?</p>
<p>As anyone who’s ever watched any cop show knows, the <a href="https://www.law.cornell.edu/constitution/fifth_amendment">Fifth Amendment</a> gives you the right to remain silent and to refuse to provide evidence against yourself – even at the border. If a CBP agent orders you to unlock your device or provide a password, you have a Fifth Amendment right to refuse to do so. You might simply say "no." In addition, you may tell the agent that you choose to remain silent and want to speak to an attorney, even if you don't have one retained yet. That choice may not stop CBP agents from pressuring you to “voluntarily” talk to them, but they are supposed to stop questioning you once you ask for a lawyer. Also, beware that government agents are permitted to lie to you in order to convince you to waive your right to remain silent, but you can be criminally prosecuted if you lie to them.</p>
<p>CBP agents are unlikely to advise you that you have this choice because the government generally argues that such<i> </i>warnings are only required if you are taken into “custody” and subjected to a criminal prosecution. And at least one federal court of appeals has determined that <a href="https://studyinthestates.dhs.gov/what-is-secondary-inspection">secondary inspection</a> – the separate interview area you get referred to if the CBP officer can’t readily verify your information at the initial port of entry – doesn’t qualify as “custody.” </p>
<p>But you don’t have to be in custody or subject to a criminal prosecution before you choose to invoke your Fifth Amendment rights to remain silent or to object to being deprived of your property without due process of law. For example, the <a href="https://leagle.com/decision/In%20FCO%2020130826107/U.S.%20v.%20OKATAN">Second Circuit</a> Court of Appeals has held that a person’s request for an attorney is enough to invoke the privilege against self-incrimination, even at the border.</p>
<p>And that privilege includes refusing to provide the password to your device<i>.</i> For example, in 2015, a <a href="https://cyb3rcrim3.blogspot.com/2015/09/the-sec-company-smartphones-and.html">Pennsylvania court</a> held that you may properly invoke the Fifth Amendment privilege to avoid giving up your cell phone passcode – even to an employer’s phone – because your passcode is personal in nature and producing it requires you to speak or testify against yourself. </p>
<p>Some courts have been less protective, overriding Fifth Amendment protections where the information sought is a so-called “foregone conclusion.” In 2012, a <a href="https://casetext.com/case/united-states-v-fricosu">Colorado court</a> ordered a defendant to provide the password to her laptop, only <i>after </i>the government had obtained a search warrant based on the defendant’s admission that there was specific content on her laptop and that the laptop belonged to her. On appeal, the <a href="https://stanford.edu/~jmayer/law696/week8/Compelled%20Password%20Disclosure%20(Eleventh%20Circuit).pdf">Eleventh Circuit</a> clarified that the government "must [first] show with some reasonable particularity that it seeks a certain file and is aware, based on other information, that . . . the file exists in some specified location" and that the individual has access to the desired file or is capable of decrypting it.</p>
<p>So, Fifth Amendment protections do apply at the border, and they protect your right to refuse to reveal your password in most circumstances. That said, individuals passing through the border sometimes choose to surrender their account information and passwords anyway, in order to <a href="http://www.economist.com/blogs/gulliver/2010/09/dealing_customs_agents">avoid consequences</a> like missing their flight, being made subject to more constrictive or prolonged detention, or being denied entry to the US.</p>
<p>As we have noted in our <a href="https://www.eff.org/files/2017/03/10/digital-privacy-border-2017-guide3.10.17.pdf">Digital Border Search Whitepaper</a>, the consequences for refusing to provide your password(s) are different for different classes of individuals. If you are a U.S. citizen, CBP cannot detain you indefinitely as you have a right to re-enter the country. However, agents may escalate the encounter (for example, by detaining you for more time), or flag you for heightened screening during future border crossings. If you are a lawful permanent resident, agents may also raise complicated questions about your continued status as a resident. If you are a foreign visitor, agents might deny you entry to the country entirely.</p>
<p>But whatever your status, whether you choose to provide your passwords or not, border agents may decide to seize your digital devices. While <a href="https://www.dhs.gov/xlibrary/assets/cbp_directive_3340-049.pdf">CBP guidelines</a> set a five-day deadline for agents to return detained devices unless a CBP supervisor approves a lengthier detention, in practice, device detentions commonly last many months.</p>
<p class="callout-right">As always, we want to hear from you if you experience harm or harassment from CBP for choosing to protect your digital data. We’re still collecting stories of border search abuses at: <a href="mailto:borders@eff.org">borders@eff.org</a></p>
<p>We recommend that you review our pocket guides for <a href="https://www.eff.org/files/2017/03/08/border-privacy.pdf">Knowing Your Rights</a> and <a href="https://www.eff.org/document/eff-border-search-pocket-guide">Protecting Your Digital Data Privacy</a> at the border for a general overview or take a look at our <a href="https://www.eff.org/files/2017/03/10/digital-privacy-border-2017-guide3.10.17.pdf">Border Search Whitepaper</a> for a deeper dive into the potential issues and questions you may face.</p>
<p>And join EFF in calling for stronger Constitutional protection for your digital information <a href="https://act.eff.org/action/demand-border-agents-get-a-warrant-before-digital-searches">by contacting Congress on this issue today</a>.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Wed, 19 Apr 2017 18:35:30 +0000stephanie95692 at https://www.eff.orgCall To ActionCommentaryMobile devicesInternationalPrivacyKnow Your RightsBorder SearchesLaw Enforcement AccessTravel ScreeningSecurityBorder Search Bill Would Rein in CBPhttps://www.eff.org/fr/deeplinks/2017/04/border-search-bill-would-rein-cbp
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><h3>Border Searches of U.S. Persons’ Digital Devices Would Require a Warrant</h3>
<p>As <a href="https://www.eff.org/deeplinks/2017/02/sen-wyden-border-searches-digital-devices-should-require-warrant">promised by Sen. Wyden in February</a>, a bill was introduced this week in Congress that would require U.S. Customs and Border Protection or other government agents to obtain a <a href="https://www.wyden.senate.gov/download/?id=0FC61A3A-122B-4A0C-9AED-B68C3349AA61&amp;download=1">probable cause warrant</a> before searching the digital devices of U.S. citizens and legal permanent residents at the border.</p>
<p>Sen. Wyden (D-OR) and Sen. Paul (R-KY) are original sponsors of the <a href="https://www.wyden.senate.gov/news/press-releases/wyden-paul-polis-and-farenthold-bill-requires-warrants-to-search-americans-digital-devices-at-the-border">Protecting Data at the Border Act</a> in the Senate (<a href="https://www.congress.gov/bill/115th-congress/senate-bill/823?q=%7B%22search%22%3A%5B%22protecting+data+at+the+border+act%22%5D%7D&amp;r=4">S. 823</a>), while <a href="https://adamsmith.house.gov/media-center/press-releases/smith-and-polis-introduce-legislation-to-protect-data-privacy-civil">Rep. Polis (D-CO), Rep. Smith (D-WA), and Rep. Farenthold (R-TX)</a> are taking the lead on this issue in the House (<a href="https://www.congress.gov/bill/115th-congress/house-bill/1899?q=%7B%22search%22%3A%5B%22protecting+data+at+the+border+act%22%5D%7D&amp;r=5">H.R. 1899</a>).</p>
<p>This bill is timely. As <a href="http://www.nbcnews.com/news/us-news/american-citizens-u-s-border-agents-can-search-your-cellphone-n732746">NBC News</a> recently reported:</p>
<blockquote><p>Data provided by the Department of Homeland Security shows that searches of cellphones by border agents has exploded, growing fivefold in just one year, from fewer than 5,000 in 2015 to nearly 25,000 in 2016. According to DHS officials, 2017 will be a blockbuster year. Five-thousand devices were searched in February alone, more than in all of 2015.</p></blockquote>
<p>We have been <a href="https://www.eff.org/issues/border-searches">arguing for a while</a> that the Fourth Amendment requires a warrant based on probable cause for border searches of cell phones, laptops, and other digital devices that contain gigabytes of highly personal information.</p>
<p>We most recently made these arguments in an <a href="https://www.eff.org/document/us-v-kolsuz-eff-amicus-brief">amicus brief</a> before the U.S. Court of Appeals for the Fourth Circuit in the case <i>U.S. v. Kolsuz</i>. We have not distinguished between U.S. persons and foreign nationals—for example, Mr. Kolsuz, whose iPhone was searched twice by CBP and Department of Homeland Security officials without a warrant, is a Turkish citizen. We nevertheless support the Protecting Data at the Border Act, even though it more narrowly focuses on the rights of U.S. citizens and green card holders.</p>
<p>CBP unreasonably argues that the privacy interest travelers have in digital devices is no different than that of luggage or other physical items travelers may bring with them across the border, thus CBP applies to digital devices the traditional “border search exception” to the Fourth Amendment, which permits warrantless and suspicionless “routine” border searches.</p>
<p>However, there is nothing “routine” about unregulated government intrusion into a device that contains, as the Supreme Court has said, <a href="https://supreme.justia.com/cases/federal/us/573/13-132/opinion3.html">“the sum of an individual’s private life.”</a> As the <a href="https://www.wyden.senate.gov/download/?id=9CDE0A37-24DD-4D05-B199-C7E160CAA088&amp;download=1">bill’s findings state</a>, the privacy interest in digital data “differs in both degree and kind from [the] privacy interest in closed containers.”</p>
<p>In addition to the warrant requirement, the <a href="https://www.wyden.senate.gov/download/?id=9CDE0A37-24DD-4D05-B199-C7E160CAA088&amp;download=1">Protecting Data at the Border Act</a> would prohibit the government from delaying or denying entry or exit to a U.S. person based on that person’s refusal to hand over a device passcode, online account login credentials, or social media handles to a border agent.</p>
<p>During an April 5 <a href="https://www.hsgac.senate.gov/hearings/improving-border-security-and-public-safety">hearing in the Senate Homeland Security &amp; Governmental Affairs Committee</a>, Sen. Paul grilled DHS Secretary John Kelly (starting at <a href="https://www.hsgac.senate.gov/templates/watch.cfm?id=A4EAC2B9-5056-A066-60F4-EEB195B46D64">2:15</a>) on CBP agents denying entry to Americans, or threatening to do so, for refusing to provide access to their cell phones. Sen. Paul said, “That’s obscene.” Secretary Kelly appeared woefully ignorant about what is happening with privacy at the border and even incorrectly asserted that border searches of digital devices have not “significantly” increased since President Trump took office. He promised to look into the issue and get back to Sen. Paul.</p>
<p>Please <a href="https://act.eff.org/action/demand-border-agents-get-a-warrant-before-digital-searches-3cd71c40-5340-43bd-a774-db6bb5564094">contact your members of Congress</a> and urge them to co-sponsor the Protecting Data at the Border Act (S. 823/H.R. 1899)!</p>
<p>Also urge your representatives to put pressure on Secretary Kelly to answer <a href="https://www.wyden.senate.gov/download/?id=B947731A-2394-484B-81E3-FDD49530EBF4&amp;download=1">Sen. Wyden’s questions from February</a>, which he has yet to do.</p>
<p>If you want more information about how to protect your data when crossing the U.S. border, please read our new <a href="https://www.eff.org/wp/digital-privacy-us-border-2017">comprehensive technical and legal guide</a>, as well as our <a href="https://www.eff.org/document/eff-border-search-pocket-guide">pocket guide</a>.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div><div class="field__item odd"><a href="/fr/cases/supreme-court-cases-cell-phone-searches">Riley v. California and United States v. Wurie</a></div></div></div>Thu, 06 Apr 2017 21:06:50 +0000sophia95578 at https://www.eff.orgCall To ActionPrivacyBorder SearchesTravel ScreeningBorder Agents Need A Warrant to Search Travelers’ Phones, EFF Tells Courthttps://www.eff.org/fr/press/releases/border-agents-need-warrant-search-travelers-phones-eff-tells-court
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">The Border Isn’t a Constitution-Free Zone</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal"><span>Richmond, Virginia—Border agents must obtain a warrant to search travelers’ phones, tablets, and laptops, which contain a vast trove of sensitive, highly personal information that is protected by the Fourth Amendment, the Electronic Frontier Foundation (EFF)<a href="https://www.eff.org/document/us-v-kolsuz-eff-amicus-brief" target="_blank"> told</a> a federal appeals court today.</span></p>
<p class="MsoNormal"><span>Searches of devices at the border <a href="https://www.eff.org/wp/digital-privacy-us-border-2017" target="_blank">have more than doubled</a> since the inauguration of President Trump—from nearly 25,000 in all of 2016, to 5,000 in February alone. This increase, along with the increasing number of people who carry these devices when they travel, has heightened awareness of the need for stronger privacy rights while crossing the U.S. border. <span> </span></span></p>
<p class="MsoNormal"><span>While the Fourth Amendment ordinarily requires law enforcement officials to get a warrant supported by probable cause before searching our property, in cases that predate the rise of digital devices, courts granted <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole" target="_blank">border agents the power</a> to search our luggage without a warrant or any suspicion of wrongdoing.</span></p>
<p class="MsoNormal"><span>But portable digital devices</span><span> differ wildly from luggage or other physical items we carry with us to the airport because they provide access to the entirety of our private lives, </span><span>EFF said in an amicus <a href="https://www.eff.org/document/us-v-kolsuz-eff-amicus-brief" target="_blank">brief</a> filed at the U.S. Court of Appeals for the Fourth Circuit in the border search case <i>U.S. v. Kolsuz</i>. <span></span>In 2014 the Supreme Court <a href="https://www.eff.org/document/riley-wurie-supreme-court-opinions" target="_blank">noted</a> that cellphones now hold “the privacies of life” for people, including <span></span></span><span>highly personal, private information such as photos, texts, contact lists, email messages, and videos. Many digital devices can access personal records stored in the “cloud,” such as financial or medical information. Before smartphones were invented, that kind of information would be kept in our home offices, desk drawers, or basement storage. If law enforcement officers wanted to enter your home or lock box as part of a search, they’d need to go before a judge, prove probable cause that you’re involved in a crime, and get a warrant.<span> </span></span><span></span></p>
<p class="MsoNormal"><span>“The border isn’t a constitution-free zone,” said Adam Schwartz, EFF senior staff attorney. “The U.S. Supreme Court <a href="https://www.eff.org/press/releases/supreme-court-sets-powerful-limits-cell-searches-fails-protect-internet-streaming" target="_blank">ruled in 2014 </a></span><span>that mobile phones are a window into our private lives and police need to show there’s probable cause that the people they arrest have committed crimes and obtain a warrant to search their phones. There should be no less protection for individuals who have not been arrested or shown to have committed any crime, but who instead simply want to enter the United States.”</span></p>
<p class="MsoNormal"><span>It’s never been more important for courts to follow the standard set by the Supreme Court about cell phone searches and apply it to borders searches. <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans" target="_blank">Reports</a> have surfaced of border agents searching the devices of innocent U.S. citizens, green card holders, and foreign visitors. While all kinds of travelers have suffered this intrusion, many reports involve <a href="https://www.cpj.org/2017/02/bbc-journalist-questioned-by-us-border-agents-devi.php" target="_blank">journalists</a>, Muslim-Americans, and Americans with Middle Eastern-sounding names</span>. <span>Asian Americans Advancing Justice-Asian Law Caucus, Brennan Center for Justice, Council on American-Islamic Relations and six of its chapters, and The National Association of Criminal Defense Lawyers joined EFF in filing the brief.</span></p>
<p class="MsoNormal"><span>“Law enforcement officials should be required to meet the same standards for searching our cell phones wherever we are—in our cities, on the highway, at vehicle checkpoints, and at the border. Regardless of the location, when officials want to crack open the private information in someone’s phone, they must first obtain a warrant,” said Schwartz.</span></p>
<p class="MsoNormal"><span>For the brief:<br /></span><a href="https://www.eff.org/document/us-v-kolsuz-eff-amicus-brief" target="_blank"><span>https://www.eff.org/document/us-v-kolsuz-eff-amicus-brief</span></a></p>
<p class="MsoNormal"><span>For EFF’s new border guide:<br /></span><a href="https://www.eff.org/wp/digital-privacy-us-border-2017" target="_blank"><span>https://www.eff.org/wp/digital-privacy-us-border-2017</span></a></p>
<p class="MsoNormal"><span>For EFF’s new border pocket guide:<br /></span><a href="https://www.eff.org/document/eff-border-search-pocket-guide" target="_blank"><span>https://www.eff.org/document/eff-border-search-pocket-guide</span></a></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Adam</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Schwartz</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Senior Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:adam@eff.org">adam@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Mon, 20 Mar 2017 18:56:48 +0000karen95330 at https://www.eff.orgSen. Wyden: Border Searches of Digital Devices Should Require a Warranthttps://www.eff.org/fr/deeplinks/2017/02/sen-wyden-border-searches-digital-devices-should-require-warrant
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>This week Sen. Wyden (D-OR) sent a <a href="https://www.wyden.senate.gov/download/?id=B947731A-2394-484B-81E3-FDD49530EBF4&amp;download=1">letter</a> to Department of Homeland Security (DHS) Secretary John Kelly stating that he will soon introduce legislation that would require law enforcement agencies to obtain a warrant before searching the data on digital devices at the border. We applaud Sen. Wyden for taking a stand on this important privacy issue.</p>
<p>Sen. Wyden said that he wants to “guarantee that the Fourth Amendment is respected at the border.”</p>
<p>We have been <a href="https://www.eff.org/document/eff-saboonchi-amicus-brief">arguing for a while</a> that the Fourth Amendment requires a <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole">warrant based on probable cause</a> for border searches of cell phones, laptops and other mobile devices that contain gigabytes of highly personal information.</p>
<p>Sen. Wyden’s letter comes after <a href="https://www.eff.org/deeplinks/2017/02/invasive-digital-border-searches-tell-eff-your-story">several recent reports</a> that Customs and Border Protection (CBP) agents have been conducting invasive searches of the digital devices of Americans and foreign travelers alike. For example, CBP agents demand that travelers unlock or decrypt their devices, or simply disclose their device passcodes. Additionally, CBP agents access not only public social media posts by demanding handles, but also private social media and other <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans">“cloud” content</a> via smartphone apps. The AP recently reported that border agents accessed an American citizen’s <a href="https://apnews.com/717f33b1ee244594950ee39731d9fcea">eBay and Amazon</a> accounts via his cell phone.</p>
<p>Sen. Wyden also wants to prohibit government agents from forcing travelers to disclose the login credentials to their social media and other online accounts. Secretary Kelly <a href="https://www.eff.org/deeplinks/2017/02/border-security-overreach-continues-dhs-wants-social-media-login-information">proposed requiring this from foreign visitors</a> to the U.S. during a congressional hearing earlier this month.</p>
<p>Sen. Wyden argued that DHS/CBP policies and practices violate the privacy and civil liberties of travelers, “distract CBP from its core mission and needlessly divert agency resources away from those who truly threaten our nation,” and harm U.S. economic interests by discouraging international business travel.</p>
<p>Sen. Wyden also asked Secretary Kelly to respond to five excellent questions by March 20, 2017:</p>
<ol><li>What legal authority permits CBP to ask for or demand, as a condition of entry, that a U.S. person disclose their social media or email account password?</li>
<li>How is CBP use of a traveler’s password to gain access to data stored in the cloud consistent with the <a href="https://www.law.cornell.edu/uscode/text/18/1030">Computer Fraud and Abuse Act</a>?</li>
<li>What legal authority permits CBP to ask for or demand, as a condition of entry, that a U.S. person turn over their device PIN or password to gain access to encrypted data? How are such demands consistent with the Fifth Amendment?</li>
<li>How many times in each calendar year 2012-2016 did CBP personnel ask for or demand, as a condition of entry, that a U.S. person disclose a smartphone or computer passcode, or otherwise provide access to a locked smartphone or computer? How many times has this occurred since January 20, 2017?</li>
<li>How many times in each calendar year [2012-2016] did CBP personnel ask for or demand, as a condition of entry, that a U.S. person disclose a social media or email account password, or otherwise provide CBP personnel access to data stored in an online account? How many times has this occurred since January 20, 2017?</li>
</ol><p>While we believe that the Constitution requires the highest level of legal protection for digital data at the border and we urge courts to make this clear in case law, we support Sen. Wyden’s effort to enshrine a probable cause warrant requirement in legislation. The faster we reach this unequivocal rule the better.</p>
<p>We also look forward to Secretary Kelly’s responses to Sen. Wyden’s questions.</p>
<p>In the meantime, please tell us <a href="https://www.eff.org/deeplinks/2017/02/invasive-digital-border-searches-tell-eff-your-story">your border search stories</a>. You can write to us at <b>borders@eff.org</b>. If you want to contact us securely via email, please use <a href="https://www.eff.org/about/contact">PGP/GPG</a>. Or you can call us at +1-415-436-9333.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Wed, 22 Feb 2017 07:09:56 +0000sophia95006 at https://www.eff.orgLegislative AnalysisTravel ScreeningPrivacyBorder SearchesBorder Security Overreach Continues: DHS Wants Social Media Login Informationhttps://www.eff.org/fr/deeplinks/2017/02/border-security-overreach-continues-dhs-wants-social-media-login-information
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="/files/2017/02/10/og-borderagents-2.png" alt="A border agent examines a smartphone. " width="648" height="324" />Now more than ever, it is apparent that U.S. Customs and Border Protection (CBP) and its parent agency, the Department of Homeland Security (DHS), are embarking on a broad campaign to invade the digital lives of innocent individuals.</p>
<p>The new DHS secretary, John Kelly, told a congressional committee this week that the department may soon demand <a href="http://www.nbcnews.com/news/us-news/us-visitors-may-have-hand-over-social-media-passwords-kelly-n718216">login information</a> (usernames and passwords) for social media accounts from foreign visa applicants—at least those subject to the controversial <a href="https://www.whitehouse.gov/the-press-office/2017/01/27/executive-order-protecting-nation-foreign-terrorist-entry-united-states">executive order on terrorism and immigration</a>—and those who don’t comply will be denied entry into the United States. This effort to access both public and private communications and associations is the latest move by a department that is overreaching its border security authority.</p>
<p>In December 2016, DHS began asking another subset of foreign visitors, those from Visa Waiver Countries, for their <a href="https://www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan">social media handles</a>. DHS <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">defended itself</a> by stating that not only would compliance be voluntary, the government only wanted to access publicly viewable social media posts: “If an applicant chooses to answer this question, DHS will have timely visibility of the publicly available information on those platforms, consistent with the privacy settings the applicant has set on the platforms.”</p>
<p>As we wrote last fall in <a href="https://www.eff.org/document/cbp-comments-final-aug-22-2016">comments</a> to DHS, even seeking the ability to view the public social media posts of international travelers implicates the universal human rights of free speech and privacy, and—importantly—the comparable constitutional rights of their American associates. Our objections are still salient given that DHS may soon <i>mandate</i> access to both public and <i>private</i> social media content and contacts of another group of foreigners visitors.</p>
<p>Moreover, as a practical matter, such vetting is unlikely to weed out terrorists as they would surely <a href="https://www.theguardian.com/us-news/2017/feb/08/border-security-facebook-password-trump-travel-ban">scrub their social media accounts</a> prior to seeking entry into the U.S.</p>
<p>Such border security overreach doesn’t stop there.</p>
<p>There have been several reports recently of CBP agents demanding access to social media information and digital devices of both <a href="https://www.eff.org/deeplinks/2017/02/invasive-digital-border-searches-tell-eff-your-story">American citizens and legal permanent residents</a>. Most disturbing are the invasive searches of Americans’ cell phones, where CBP has been accessing social media apps that may reveal private posts and relationships, as well as emails, texts messages, browsing history, contact lists, photos—whatever is accessible via the phone.</p>
<p>Such border searches of Americans’ digital devices and cloud content are unconstitutional absent <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans">individualized suspicion</a>, specifically, a <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole">probable cause warrant</a>. In light of the DHS secretary’s statements this week, we fear that DHS may soon take the next step down this invasive path and demand the login information for American travelers’ online accounts so that the government can peruse private, highly personal information without relying on access to a mobile device.</p>
<p>These policies and practices of DHS/CBP must be chronicled and opposed.</p>
<p>Please tell us your <a href="https://www.eff.org/deeplinks/2017/02/invasive-digital-border-searches-tell-eff-your-story">border search stories</a>. You can write to us at <b>borders@eff.org</b>. If you want to contact us securely via email, please use <a href="https://www.eff.org/about/contact">PGP/GPG</a>. Or you can call us at +1-415-436-9333.</p>
<p>We also encourage you to contact your congressional representatives in the <a href="https://www.senate.gov/senators/contact/">Senate</a> and <a href="http://www.house.gov/representatives/">House of Representatives</a>.</p>
<p>You may also contact the DHS <a href="https://www.dhs.gov/office-civil-rights-and-civil-liberties">Office of Civil Rights and Civil Liberties</a> (crcl@dhs.gov) and the <a href="https://www.oig.dhs.gov/index.php?option=com_content&amp;view=article&amp;id=91&amp;Itemid=62">DHS Inspector General</a> (dhs-oig.officepublicaffairs@oig.dhs.gov).</p>
<p></p><center>Join the fight for online privacy and free expression.
<p><a href="https://supporters.eff.org/donate/border-search"><img src="https://www.eff.org/files/2016/05/17/donate-bttn.png" alt="donate to EFF" width="216" height="52" /></a></p>
<p></p></center>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Fri, 10 Feb 2017 18:10:33 +0000sophia94919 at https://www.eff.orgCall To ActionTravel ScreeningBorder SearchesPrivacyالتفتيش الرقمي الاعتباطي على الحدود: أخبر قصتك لمؤسسة الجبهة الالكترونيةhttps://www.eff.org/fr/node/94855
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="/files/2017/02/01/og-borderagents-2.png" alt="A border agent holds up a smartphone, turning the screen red." height="325" width="650" /></p>
<p dir="rtl">بعد <a href="http://www.nbcnews.com/politics/politics-news/priebus-immigration-order-doesn-t-include-green-card-holders-anyone-n713731">الأمر التنفيذي المحير</a> <a href="https://www.whitehouse.gov/the-press-office/2017/01/27/executive-order-protecting-nation-foreign-terrorist-entry-united-states">حول الإرهاب والهجرة</a> الذي أصدره الرئيس ترمب، ذكرت بعض التقارير خلال عطلة نهاية الأسبوع أن عناصر الحدود في المطارات كانوا يفتشون هواتف المسافرين القادمين من الشرق الأوسط، بمن فيهم <a href="http://www.nbcbayarea.com/news/local/Oakland-Green-Card-Holder-Reports-Being-Questioned-Detained-How-Many-More-Are-We-Not-Hearing-About-412429423.html">المقيمين الدائمين في الولايات المتحدة</a> (<a href="http://www.freep.com/story/news/local/michigan/wayne/2017/01/30/travelers-texts-emails-searched-detroit-metro-airport/97257722/">حاملي البطاقة الخضراء</a>). ما يقلقنا أن هذا يشير إلى توسعٍ في الممارسات الاقتحامية الرقمية القائمة أساساً لدى الجمارك وحماية الحدود الأمريكية، ولهذا السبب نطلب منكم إرسال قصصكم عن التفتيش الرقمي على الحدود.</p>
<p dir="rtl">بدأت دائرة الجمارك وحماية الحدود منذ بعض الوقت بممارسة مطالبة الأمريكيين والأجانب بمعلومات عن وسائل التواصل الاجتماعي <a href="https://www.dhs.gov/sites/default/files/publications/privacy_pia_cbp_laptop.pdf">وبالولوج إلى أجهزتهم الرقمية</a>، والتي يختزن فيها معلومات واتصالات شخصية تماماً، أو ترتبط بتطبيقات سحابية ذات بيانات على نفس الدرجة من الحساسية.</p>
<p dir="rtl">فعلى سبيل المثال، كتبنا الأسبوع الماضي عن شكاوى صادرة عن <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans">مواطنين أمريكيين مسلمين</a> حول ولوج الجمارك وحماية الحدود إلى منشورات عامة عبر المطالبة بأسماء الحسابات على وسائل التواصل الاجتماعية، ولربما اطلعت على منشورات خاصة عبر المطالبة بكلمات المرور الخاصة بأجهزة الخليوي ومتابعة تطبيقات التواصل الاجتماعي. كما أن هناك مزاعم مفادها أن عناصر الحدود قد قاموا <a href="https://www.cairflorida.org/newsroom/press-releases/720-cair-fl-files-10-complaints-with-cbp-after-the-agency-targeted-and-questioned-american-muslims-about-religious-and-political-views.html">بالاعتداء الجسدي</a> على رجل كان قد رفض تسليم هاتفه غير المقفل.</p>
<p dir="rtl">كما قامت الجمارك وحماية الحدود بتفتيش أو محاولة تفتيش الأجهزة الرقمية الخاصة <a href="https://cpj.org/blog/2016/12/security-risk-for-sources-as-us-border-agents-stop.php">بالصحفيين</a>، بما في ذلك أجهزة <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole">مراسل لصحيفة وول ستريت جورنال</a> وهو مواطن أمريكي. وكذلك فثمة أمريكيين آخرين يخضعون للتوقيف وتفتيش أجهزتهم الرقمية على الحدود، وقد طال ذلك <a href="https://www.eff.org/cases/united-states-v-saboonchi">مواطناً إيرانياً–أمريكياً مزدوج الجنسية</a> كان عائداً إلى الولايات المتحدة من إجازة قضاها في شلالات نياجارا، وقد قدمنا إلى المحكمة باسمه موجز "<a href="https://www.eff.org/document/eff-saboonchi-amicus-brief">صديق المحكمة</a>".</p>
<p dir="rtl">في الخريف الماضي رفعنا تعليقات إلى دائرة الجمارك وحماية الحدود نعارض فيه مقترحاً، كان قد <a href="https://www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan">تمت الموافقة عليه في كانون الأول/ديسمبر</a> قبل تولي الرئيس ترامب لمنصبه، يطلب من الزوار الأجانب من البلدان المعفاة من تأشيرة الدخول أن يكشفوا طواعيةً عن <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">حسابات وسائل تواصلهم الاجتماعية</a>. و<a href="http://www.cnn.com/2017/01/29/politics/donald-trump-immigrant-policy-social-media-contacts/index.html">ذكرت قناة سي إن إن</a> مؤخراً أن إدارة ترامب تفكر في الاشتراط على جميع الزوار الأجانب "الكشف عن جميع المواقع الالكترونية ومواقع التواصل الاجتماعي التي يتصفحونها، ومشاركة جهات الاتصال الموجودة على هواتفهم المحمولة."</p>
<p dir="rtl">فنظراً لهذه التطورات الأخيرة، نشعر بالقلق من أنّ الاقتحامية والتكرار في تفتيش الأجهزة والتحقيق في الحياة الرقمية للمسافرين في ازدياد.</p>
<p dir="rtl">لأن هذا جزء من عملنا في مكافحة ما نؤمن أنها <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans">تصرفات</a> <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole">غير دستورية</a> على الحدود، ولكي نفهم أكثر كيف يمكن لسياسات إدارة ترامب الجديدة أن تغير الممارسات الحدودية، نرغب في سماع قصصكم.</p>
<p dir="rtl">رجاءً أعلمونا إذا قام أحد المسؤولين الأميركيين على الحدود بتفتيش جهازكم الخليوي أو حاسوبكم المحمول أو جهاز رقمي آخر، أو إذا طلب منكم كلمة المرور لجهازكم أو أمركم بفك قفل أو فك تشفير الجهاز، أو إذا طلب منكم حساباتكم على مواقع التواصل الاجتماعي.</p>
<p dir="rtl">نود أن نسمع من الجميع، ولكن بشكل خاص إن كنت مواطناً أمريكياً أو مقيماً دائماً (حاملاً للبطاقة الخضراء) في الولايات المتحدة.</p>
<p dir="rtl">رجاءً أخبرنا عن :</p>
<ul></ul><p dir="rtl">وضعك القانوني في الولايات المتحدة (مواطن، مقيم بشكل دائم، حامل لتأشيرة دخول).</p>
<p dir="rtl">في أي مطار أو أي معبر حدودي كنت.</p>
<p dir="rtl">ما الأجهزة التي كانت بحوزتك.</p>
<p dir="rtl">ما الذي طلبه منك تحديداً عناصر حماية الحدود (بما في ذلك حسابات التواصل الاجتماعي وكلمات المرور) أو ما الذي فتشوه بالتحديد.</p>
<p dir="rtl">فيما إذا سجل عناصر الحدود أية معلومات.</p>
<p dir="rtl">فيما إذا صرّح عناصر الحدود أو لمحوا أن الامتثال لمطالبهم هو أمر تطوعي أو إجباري.</p>
<p dir="rtl">فيما إذا هددك عناصر الحدود بأي طريقة كانت.</p>
<p dir="rtl">فيما إذا صرّح عناصر الحدود عن سبب لمطالبهم تلك</p>
<ul></ul><p dir="rtl">يمكنكم التواصل مع EFF على <a href="mailto:borders@eff.org">borders@eff.org</a> واستخدام PGP/GPG للتواصل الآمن، أو الاتصال بهم على: +1-415-436-9333</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Mon, 06 Feb 2017 18:00:41 +0000kim94855 at https://www.eff.orgCall To ActionBorder SearchesTravel ScreeningBúsquedas digitales invasivas en la frontera: Cuéntele su historia a EFFhttps://www.eff.org/fr/node/94837
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="/files/2017/02/01/og-borderagents-2.png" alt="A border agent holds up a smartphone, turning the screen red." width="650" height="325" />Después de la <a href="http://www.nbcnews.com/politics/politics-news/priebus-immigration-order-doesn-t-include-green-card-holders-anyone-n713731">confusa</a> <a href="https://www.whitehouse.gov/the-press-office/2017/01/27/executive-order-protecting-nation-foreign-terrorist-entry-united-states">orden ejecutiva del presidente Trump sobre terrorismo e inmigración</a>, surgieron informes, durante el fin de semana, que los agentes fronterizos de los aeropuertos estaban secuestrando los teléfonos celulares de pasajeros procedentes de Oriente Medio, incluidos los <a href="http://www.nbcbayarea.com/news/local/Oakland-Green-Card-Holder-Reports-Being-Questioned-Detained-How-Many-More-Are-We-Not-Hearing-About-412429423.html">residentes</a> <a href="http://www.freep.com/story/news/local/michigan/wayne/2017/01/30/travelers-texts-emails-searched-detroit-metro-airport/97257722/">permanentes</a> de Estados Unidos. Nos preocupa que esto indique una expansión de las, ya invasivas, prácticas digitales del departamento de migraciones y protección de la frontera de Estados Unidos (US Customs and Border Protection - CBP), por lo que estamos pidiendo nos cuenten sus historias en caso el Estado revisará sus equipos en la frontera.</p>
<p>CBP tiene, desde hace algún tiempo, la práctica de exigir a los estadounidenses y extranjeros información sobre redes sociales y <a href="https://www.dhs.gov/sites/default/files/publications/privacy_pia_cbp_laptop.pdf">acceso a sus dispositivos digitales</a>, que contienen en su propio sistema de almacenamiento; información y comunicaciones altamente personales o enlaces a aplicaciones basadas en la nube con datos igualmente sensibles.</p>
<p>La semana pasada, por ejemplo, escribimos sobre las quejas de ciudadanos estadounidenses <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans">musulmanes</a> sobre como el CBP accedían a información pública de redes sociales exigiéndoles su nombre de usuario y también accedían – potencialmente - a mensajes privados al exigir los códigos de desbloqueo de telefonos celulares y al explorando las aplicaciones de redes sociales. Los agentes fronterizos, supuestamente, también <a href="https://www.cairflorida.org/newsroom/press-releases/720-cair-fl-files-10-complaints-with-cbp-after-the-agency-targeted-and-questioned-american-muslims-about-religious-and-political-views.html">abusaron</a> físicamente de un hombre que se negó a entregar su teléfono desbloqueado.</p>
<p>La CBP también ha buscado o intentado buscar en los dispositivos digitales de <a href="https://cpj.org/blog/2016/12/security-risk-for-sources-as-us-border-agents-stop.php">periodistas</a>, entre ellos de <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole">un reportero del Wall Street Journal</a> que es ciudadano estadounidense. Otros estadounidenses también están sujetos a la incautación y la búsqueda de sus dispositivos digitales en la frontera, incluyendo a <a href="https://www.eff.org/cases/united-states-v-saboonchi">un ciudadano dual iraní-estadounidense</a> que regresaba a los Estados Unidos de unas vacaciones a las Cataratas del Niágara y en cuyo nombre escribimos <a href="https://www.eff.org/document/eff-saboonchi-amicus-brief">un amicus curiae</a>.</p>
<p>El otoño pasado, enviamos nuestros comentarios al CBP oponiéndonos a una propuesta <a href="https://www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan">aprobada en diciembre</a>, antes de que el Presidente Trump asumiera el cargo, pidiendo a los visitantes extranjeros del Programa de Exención de Visa (Visa Waiver Countries) revelar voluntariamente <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">sus usuarios de redes sociales</a>. Y <a href="http://www.cnn.com/2017/01/29/politics/donald-trump-immigrant-policy-social-media-contacts/index.html">CNN informó</a> recientemente que la Administración Trump está contemplando la obligación de todos los visitantes extranjeros "de revelar todos los sitios web y sitios de redes sociales que visitan, y de compartir los contactos en sus teléfonos celulares".</p>
<p>Teniendo en cuenta estos acontecimientos recientes, nos preocupa que lo invasivo y frecuente de las búsquedas en dispositivos e investigaciones sobre la vida digital de los viajeros están aumentando.</p>
<p>Como parte de nuestro trabajo para combatir lo que creemos que son <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans">prácticas</a> <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole">inconstitucionales</a> en la frontera, y para entender mejor cómo las nuevas políticas de la Administración Trump pueden estar cambiando las prácticas fronterizas, nos gustaría escuchar sus historias.</p>
<p><strong>Por favor, háganos saber si un funcionario estadounidense en la frontera examinó su teléfono celular, computadora portátil u otro dispositivo digital; Solicitó el código de acceso de su dispositivo, le ordenó desbloquearlo o descifrarlo o preguntó por sus usuarios de redes sociales.</strong></p>
<p>Nos gustaría saber de los casos de todos, pero especialmente si usted <strong>es ciudadano o residente permanente (tarjeta verde) de los Estados Unidos</strong>.</p>
<p>Por favor díganos:</p>
<ul><li>Su estatus legal en los Estados Unidos (ciudadano, residente permanente, titular de la visa).</li>
<li>En qué aeropuerto o frontera estaba.</li>
<li>Qué dispositivos tenía con usted.</li>
<li>Lo que los agentes fronterizos exigieron específicamente (incluidos los usuarios de redes sociales y los códigos de acceso) o lo que buscaron específicamente.</li>
<li>Si los agentes fronterizos registraron alguna información.</li>
<li>Si los agentes fronterizos declararon o sugirieron que el cumplimiento de sus demandas era voluntario o obligatorio.</li>
<li>Si los agentes fronterizos lo amenazaron de alguna manera.</li>
<li>Si los agentes fronterizos manifestaron alguna razón para sus demandas.</li>
</ul><p>Puede escribirnos a <strong>borders@eff.org</strong>. Si desea ponerse en contacto con nosotros de forma segura por correo electrónico, utilice <a href="https://www.eff.org/about/contact">PGP/GPG</a>. O puede llamarnos al + 1-415-436-9333.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Fri, 03 Feb 2017 18:11:09 +0000kim94837 at https://www.eff.orgCall To ActionBorder SearchesTravel ScreeningInvasive Digital Border Searches: Tell EFF Your Storyhttps://www.eff.org/fr/node/94798
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="/files/2017/02/01/og-borderagents-2.png" alt="A border agent holds up a smartphone, turning the screen red." height="325" width="650" />Following President Trump’s <a href="http://www.nbcnews.com/politics/politics-news/priebus-immigration-order-doesn-t-include-green-card-holders-anyone-n713731">confusing</a> <a href="https://www.whitehouse.gov/the-press-office/2017/01/27/executive-order-protecting-nation-foreign-terrorist-entry-united-states">executive order on terrorism and immigration</a>, reports surfaced over the weekend that border agents at airports were searching the cell phones of passengers arriving from the Middle East, including <a href="http://www.nbcbayarea.com/news/local/Oakland-Green-Card-Holder-Reports-Being-Questioned-Detained-How-Many-More-Are-We-Not-Hearing-About-412429423.html">U.S. permanent residents</a> (<a href="http://www.freep.com/story/news/local/michigan/wayne/2017/01/30/travelers-texts-emails-searched-detroit-metro-airport/97257722/">green card holders</a>). We’re concerned that this indicates an expansion of the already invasive digital practices of U.S. Customs and Border Protection (CBP), which is why we’re asking for your digital border search stories.</p>
<p>CBP has for some time now had a practice of demanding from both Americans and foreigners social media information and <a href="https://www.dhs.gov/sites/default/files/publications/privacy_pia_cbp_laptop.pdf">access to digital devices</a>, which store on the devices themselves highly personal information and communications or link to cloud-based apps with equally sensitive data.</p>
<p>Last week, for example, we wrote about complaints by <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans">Muslim American citizens</a> that CBP accessed public posts by demanding social media handles, and potentially accessed private posts by demanding cell phone passcodes and perusing social media apps. Border agents also allegedly <a href="https://www.cairflorida.org/newsroom/press-releases/720-cair-fl-files-10-complaints-with-cbp-after-the-agency-targeted-and-questioned-american-muslims-about-religious-and-political-views.html">physically abused</a> one man who refused to hand over his unlocked phone.</p>
<p>CBP has also searched or attempted to search the digital devices of <a href="https://cpj.org/blog/2016/12/security-risk-for-sources-as-us-border-agents-stop.php">journalists</a>, including a <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole"><i>Wall Street Journal</i> reporter</a> who is an American citizen. Other Americans are also subject to seizure and search of their digital devices at the border, including one <a href="https://www.eff.org/cases/united-states-v-saboonchi">Iranian-American dual citizen</a> who was returning to the U.S. from vacation to Niagara Falls and on whose behalf we wrote an <a href="https://www.eff.org/document/eff-saboonchi-amicus-brief"><i>amicus</i> brief</a>.</p>
<p>Last fall, we submitted comments to CBP opposing a proposal, which was <a href="https://www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan">approved in December</a> before President Trump took office, to ask foreign visitors from Visa Waiver Countries voluntarily to disclose their <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">social media handles</a>. And <a href="http://www.cnn.com/2017/01/29/politics/donald-trump-immigrant-policy-social-media-contacts/index.html">CNN reported</a> recently that the Trump Administration is contemplating requiring all foreign visitors “to disclose all websites and social media sites they visit, and to share the contacts in their cell phones.”</p>
<p>Given these recent developments, we’re worried that the invasiveness and frequency of device searches and investigations into the digital lives of travelers are increasing.</p>
<p>As part of our work to combat what we believe to be <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole">unconstitutional</a> <a href="https://www.eff.org/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans">practices</a> at the border, and to better understand how the Trump Administration’s new policies may be changing border practices, we would like to hear your stories.</p>
<p><b>Please let us know if a U.S. official at the border examined your cell phone, laptop, or other digital device; asked for your device’s passcode or ordered you to unlock or decrypt it; or asked for your social media handles.</b></p>
<p>We would like to hear from everyone, but especially if you are a <b>citizen or permanent resident (green card holder) of the United States.</b></p>
<p>Please tell us:</p>
<ul><li>Your legal status in the U.S. (citizen, permanent resident, visa holder).</li>
<li>What airport or border crossing you were at.</li>
<li>What devices you had with you.</li>
<li>What border agents specifically demanded (including social media handles and passcodes) or what they specifically looked through.</li>
<li>Whether border agents recorded any information.</li>
<li>Whether border agents stated or suggested that compliance with their demands was voluntary or mandatory.</li>
<li>Whether border agents threatened you in any way.</li>
<li>Whether border agents stated any reasons for their demands.</li>
</ul><p>You can write to us at <b>borders@eff.org</b>. If you want to contact us securely via email, please use <a href="https://www.eff.org/about/contact">PGP/GPG</a>. Or you can call us at +1-415-436-9333.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Wed, 01 Feb 2017 21:52:35 +0000sophia94798 at https://www.eff.orgCall To ActionBorder SearchesTravel ScreeningFear Materialized: Border Agents Demand Social Media Data from Americanshttps://www.eff.org/fr/deeplinks/2017/01/fear-materialized-border-agents-demand-social-media-data-americans
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="/files/2017/01/26/og-borderagents-2.png" alt="A customs officer inspects a smart phone." width="650" height="325" />The Council on American-Islamic Relations (CAIR) recently <a href="https://www.cairflorida.org/newsroom/press-releases/720-cair-fl-files-10-complaints-with-cbp-after-the-agency-targeted-and-questioned-american-muslims-about-religious-and-political-views.html">filed complaints</a> against U.S Customs and Border Protection (CBP) for, in part, demanding <a href="https://theintercept.com/2017/01/14/complaints-describes-border-agents-interrogating-muslim-americans-asking-for-social-media-accounts/">social media information</a> from Muslim American citizens returning home from traveling abroad. According to CAIR, CBP accessed public posts by demanding social media handles, and potentially accessed private posts by demanding cell phone passcodes and perusing social media apps. And border agents allegedly physically abused one man who refused to hand over his unlocked phone.</p>
<p>CBP recently began asking <a href="https://www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan">foreign visitors</a> to the U.S. from Visa Waiver Countries for their social media identifiers. Last fall we filed our <a href="https://www.eff.org/document/cbp-comments-final-aug-22-2016">own comments</a> opposing the policy, and joined two sets of <a href="https://www.eff.org/deeplinks/2016/10/un-joins-critique-proposed-cbp-social-media-questions">coalition comments</a>, one by the <a href="https://cdt.org/insight/coalition-letter-opposing-dhs-social-media-collection-proposal/">Center for Democracy &amp; Technology</a> and the other by the <a href="https://www.brennancenter.org/analysis/civil-liberties-coalition-submits-comments-dhs-plan-collect-social-media-information">Brennan Center for Justice</a>. Notably, CBP <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">explained</a> that it was only seeking publicly available social media data, “consistent with the privacy settings the applicant has set on the platforms.”</p>
<p>We raised concerns that the policy would be extended to cover Americans and private data. It appears our fears have come true far faster than we expected. Specifically, we <a href="https://www.eff.org/document/cbp-comments-final-aug-22-2016">wrote</a>:</p>
<blockquote><p>It would be a series of small steps for CBP to require <i>all </i>those seeking to enter the U.S.—both foreign visitors and U.S. citizens and residents returning home—to disclose their social media handles to investigate whether they might have become a threat to homeland security while abroad. Or CBP could subject both foreign visitors and U.S. persons to invasive <i>device</i> searches at ports of entry with the intent of easily accessing <i>any and all </i>cloud data; CBP could then access both public and private online data—not just social media content and contacts that may or may not be public (e.g., by perusing a smartphone’s Facebook app), but also other private communications and sensitive information such as health or financial status.</p></blockquote>
<p>We believe that the CBP practices against U.S. citizens alleged by CAIR violate the Constitution. Searching through Americans’ social media data and personal devices intrudes upon both First and Fourth Amendment rights.</p>
<p>CBP’s <a href="https://www.dhs.gov/sites/default/files/publications/privacy_pia_cbp_laptop.pdf">2009 policy</a> on border searches of electronic devices is woefully out of date. It does not contemplate how accessing social media posts and other communications—whether public or private—creates chilling effects on freedom of speech, including the First Amendment right to speak anonymously, and the <a href="http://constitution.findlaw.com/amendment1/annotation12.html">freedom of association</a>.</p>
<p>Nor does the policy recognize the significant privacy invasions of accessing private social media data and other cloud content that is not publicly viewable. In <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">claiming</a> that its program of screening the social media accounts of Visa Waiver Program visitors does not bypass privacy settings, CBP is paying more heed to the rights of foreigners than American citizens.</p>
<p>Finally, the CBP policy does not address recent court decisions that limit the border search exception, which permits border agents to conduct “routine” searches without a warrant or individualized suspicion (contrary to the general Fourth Amendment rule requiring a warrant based on probable cause for government searches and seizures). These new legal rulings place greater Fourth Amendment restrictions on border searches of digital devices that contain highly personal information. </p>
<p>As we recently <a href="https://www.eff.org/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole">explained</a>:</p>
<blockquote><p>The U.S. Court of Appeals for the Ninth Circuit in <a href="http://caselaw.findlaw.com/us-9th-circuit/1624272.html"><i>U.S. v. Cotterman</i> (2013)</a> held that border agents needed to have reasonable suspicion—somewhere between no suspicion and probable cause—before they could conduct a “forensic” search, aided by sophisticated software, of the defendant’s laptop….</p>
<p>The Supreme Court held in <a href="http://caselaw.findlaw.com/us-supreme-court/13-132-nr2.html"><i>Riley v. California</i> (2014)</a> that the police may not invoke another exception to the warrant requirement, the search-incident-to-arrest exception, to search a cell phone possessed by an arrestee—instead, the government needs a probable cause warrant. The Court stated, “Our holding, of course, is not that the information on a cell phone is immune from search; it is instead that a warrant is generally required before such a search, even when a cell phone is seized incident to arrest.”</p></blockquote>
<p>Although <i>Riley</i> was not a border search case, the <a href="https://www.eff.org/cases/united-states-v-saboonchi"><i>Riley</i> rule should apply at the border, too</a>. Thus, CBP agents should be required to obtain a probable cause warrant before searching a cell phone or similar digital device.</p>
<p>Both <i>Riley</i> and <i>Cotterman</i> recognized that the weighty privacy interests in digital devices are even weightier when law enforcement officials use these devices to search cloud content. A digital device is not an <a href="https://www.law.cornell.edu/constitution/fourth_amendment">ordinary “effect”</a> akin to a piece of luggage or wallet, but rather is a portal into an individual’s entire life, much of which is online.</p>
<p>The Ninth Circuit wrote:</p>
<blockquote><p>With the ubiquity of cloud computing, the government’s reach into private data becomes even more problematic. In the “cloud,” a user’s data, including the same kind of highly sensitive data one would have in “papers” at home, is held on remote servers rather than on the device itself. The digital device is a conduit to retrieving information from the cloud, akin to the key to a safe deposit box. Notably, although the virtual “safe deposit box” does not itself cross the border, it may appear as a seamless part of the digital device when presented at the border.</p></blockquote>
<p>And the Supreme Court wrote:</p>
<blockquote><p>To further complicate the scope of the privacy interests at stake, the data a user views on many modern cell phones may not in fact be stored on the device itself. Treating a cell phone as a container whose contents may be searched incident to an arrest is a bit strained as an initial matter…. But the analogy crumbles entirely when a cell phone is used to access data located elsewhere, at the tap of a screen. That is what cell phones, with increasing frequency, are designed to do by taking advantage of “cloud computing.” Cloud computing is the capacity of Internet-connected devices to display data stored on remote servers rather than on the device itself. Cell phone users often may not know whether particular information is stored on the device or in the cloud, and it generally makes little difference.</p></blockquote>
<p>The <i>Riley</i> Court went on to state:</p>
<blockquote><p>The United States concedes that the search incident to arrest exception may not be stretched to cover a search of files accessed remotely—that is, a search of files stored in the cloud…. Such a search would be like finding a key in a suspect’s pocket and arguing that it allowed law enforcement to unlock and search a house.</p></blockquote>
<p>Thus, the border search exception also should not be “stretched to cover” social media or other cloud data, particularly that which is protected by privacy settings and thus not publicly viewable. In other words, a border search of a traveler’s cloud content is not “routine” and thus should not be allowed in the absence of individualized suspicion. Indeed, border agents should heed the final words of the unanimous <i>Riley</i> decision: “get a warrant.”</p>
<p>We hope CBP will fully and fairly investigate CAIR’s grave allegations and provide a public explanation. We also urge the agency to change its outdated policy on border searches of electronic devices to comport with recent developments in case law. Americans should not fear having their entire digital lives unreasonably exposed to the scrutiny of the federal government simply because they travel abroad.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Thu, 26 Jan 2017 04:42:37 +0000sophia94746 at https://www.eff.orgLegal AnalysisBorder SearchesTravel ScreeningLaw Enforcement Uses Border Search Exception as Fourth Amendment Loopholehttps://www.eff.org/fr/deeplinks/2016/12/law-enforcement-uses-border-search-exception-fourth-amendment-loophole
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In recent months, U.S. Customs and Border Protection agents have sought access to private data on the cell phones of two journalists. Such incidents are offensive because they threaten the independence of the press and pose specific risks to confidential sources. This government overreach also highlights how weak legal protections at the border for digital devices threatens the privacy of all travelers to and from the U.S., including Americans. </p>
<p>In October 2016, CBP airport agents denied <a href="https://www.washingtonpost.com/news/the-switch/wp/2016/11/30/u-s-border-agents-stopped-journalist-from-entry-and-took-his-phones/?utm_term=.f8545fd03d87">Canadian photojournalist</a> <a href="https://www.aclu.org/blog/speak-freely/does-what-happened-journalist-us-canada-border-herald-darker-trend">Ed Ou</a> entry into the country, after detaining him for over six hours and seizing his three cell phones. According to Mr. Ou’s <a href="https://www.aclu.org/sites/default/files/field_document/aclu_letter_to_dhs-cbp_regarding_edward_ou.pdf">ACLU attorney</a>, “When the officers returned the phones to him several hours later, it was evident that their SIM cards had been temporarily removed because tamper tape covering the cards had been destroyed or altered.” Similarly, in July, CBP airport agents detained U.S. citizen and <i>Wall Street Journal</i> reporter <a href="https://www.theguardian.com/media/2016/jul/21/homeland-security-journalist-maria-abi-habib-detained">Maria Abi-Habib</a> for an hour and a half. When they asked for her cell phones, she refused and referred them to the newspaper’s lawyers. Fortunately, the agents eventually released her without seizing or searching her devices.</p>
<p>Regular travelers are also at risk. We wrote an <i>amicus</i> brief in the case of <a href="https://www.eff.org/cases/united-states-v-saboonchi">Ali Saboonchi</a>, a dual citizen of the U.S. and Iran whose cell phones and flash drive were seized at the U.S.-Canadian border after returning from a vacation to Niagara Falls. Mr. Saboonchi had been under investigation for violating the trade embargo with Iran and federal agents took advantage of his presence at the border to invoke the border search exception to the Fourth Amendment.</p>
<p>The Fourth Amendment generally requires the government to obtain a warrant from a judge, based on probable cause that evidence of a crime will be found, before seizing and searching personal property. Thus, if federal agents had wanted to confiscate and rifle through Mr. Saboonchi’s digital devices while he was at home in Maryland, they would have needed to obtain a probable cause warrant to do so.</p>
<p>Decades ago, as we discussed in <a href="https://www.eff.org/document/eff-saboonchi-amicus-brief">our brief</a>, the Supreme Court created the border search exception to the Fourth Amendment’s warrant requirement, permitting government agents to search travelers’ luggage, vehicles or persons without a warrant and almost always without any individualized suspicion of wrongdoing.</p>
<p>The Supreme Court made clear, however, that a warrantless and suspicionless search must be for a discrete public interest purpose. Should a search instead be for the purpose of ordinary law enforcement, the government must first secure a probable cause warrant. For example, the government may set up a warrantless and suspicionless vehicle checkpoint to find drunk drivers for the narrow purpose of roadway safety (notwithstanding the fact that drunk drivers may be arrested and prosecuted)—but the government may not set up a warrantless and suspicionless vehicle checkpoint to find <a href="http://caselaw.findlaw.com/us-supreme-court/531/32.html">illegal narcotics</a>, which amounts to uncovering “evidence of ordinary criminal wrongdoing.”</p>
<p>Thus the Supreme Court created the border search exception only for the narrow purposes of enforcing the <a href="https://fas.org/sgp/crs/homesec/RS21899.pdf">immigration and customs laws</a>, including ensuring that duties are paid on imported goods and that harmful people (e.g., terrorists) and harmful goods such as weapons, drugs, and infested agricultural products do not enter the country.</p>
<p>As we discussed in our <i>Saboonchi </i>brief, there is serious doubt as to whether searches generally of cell phones and similar digital devices meaningfully advance the narrow purposes of the border search exception so as to justify the categorical rule that no warrant or suspicion is required to search the data on digital devices, especially in light of the significant privacy interests at stake.</p>
<p>The seizure and search of Mr. Saboonchi’s digital devices specifically was egregious because CBP agents used the border search exception as a loophole around the general Fourth Amendment rule. CBP agents were not acting to enforce the immigration and customs laws at the time Mr. Saboonchi crossed the border back into the U.S. They instead used Mr. Saboonchi’s presence at the U.S.-Canadian border as an excuse to conduct a warrantless search for the purpose of finding evidence to advance a preexisting law enforcement investigation. Similarly, CBP agents seemed to use the journalists’ presence at international airports as an excuse to gather intelligence. CBP agents interrogated Mr. Ou about the “<a href="https://www.aclu.org/sites/default/files/field_document/aclu_letter_to_dhs-cbp_regarding_edward_ou.pdf">extremists</a>” he had come into contact with as a journalist. And as Ms. Abi-Habib recounted, the CBP agent who asked for her cell phones stated, “<a href="https://www.facebook.com/maria.abihabib/posts/10153973225688533">We want to collect information</a>,” presumably related to her foreign reporting.</p>
<p>Warrantless and suspicionless searches of digital devices at the border (or the functional equivalent of the border, such as international airports and other ports of entry) are particularly invasive given the vast amount of personal information they can store on the devices themselves or connect to in the “cloud”—beyond what any piece of traditional luggage can hold.</p>
<p>Courts have recognized the significant privacy interests in today’s digital devices, placing the law related to the border search exception in flux.</p>
<p>The U.S. Court of Appeals for the Ninth Circuit in <a href="http://caselaw.findlaw.com/us-9th-circuit/1624272.html"><i>U.S. v. Cotterman</i> (2013)</a> held that border agents needed to have reasonable suspicion—somewhere between no suspicion and probable cause—before they could conduct a “forensic” search, aided by sophisticated software, of the defendant’s laptop. Unfortunately, the court held that a manual search of a digital device is “routine” and so the standard border search rule applies (i.e., no warrant or suspicion is needed)—even though the privacy interests in any given device do not change.</p>
<p>The Supreme Court held in <a href="http://caselaw.findlaw.com/us-supreme-court/13-132-nr2.html"><i>Riley v. California</i> (2014)</a> that the police may not invoke another exception to the warrant requirement, the search-incident-to-arrest exception, to search a cell phone possessed by an arrestee—instead, the government needs a probable cause warrant. The Court stated, “Our holding, of course, is not that the information on a cell phone is immune from search; it is instead that a warrant is generally required before such a search, even when a cell phone is seized incident to arrest.” The <i>Riley </i>Court focused on the vast amount of personal information stored on or accessible via modern devices:</p>
<blockquote><p>The United States asserts that a search of all data stored on a cell phone is ‘materially indistinguishable’ from searches of these sorts of physical items. That is like saying a ride on horseback is materially indistinguishable from a flight to the moon... Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse.</p></blockquote>
<p>While <i>Riley</i> was not a border search case, the Court’s ruling was reasonably broad, thus we argued in our <i>Saboonchi</i> brief that the border search exception should not apply to cell phones and similar digital devices.</p>
<p>In light of these decisions, <a href="https://www.dhs.gov/sites/default/files/publications/privacy_pia_cbp_laptop.pdf">CBP’s 2009 policy</a> related to searching digital devices at the border is woefully out of date and should be updated.</p>
<p>However, we are eager to further the law in this area—to make it clear that the <i>Riley</i> decision applies at the border. So we are interested in hearing about instances where CBP agents search cell phones, laptops, tablets, or similar digital devices without consent (including whether they access <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">“cloud” content such as social media profiles</a>), either manually or with the aid of software, either at the land borders or following international flights and cruises.</p>
<p>In the meantime, to protect your data when traveling consider some of our <a href="https://ssd.eff.org/en/module/things-consider-when-crossing-us-border">quick tech tips</a>, our longer <a href="https://www.eff.org/files/eff-border-search_2.pdf">border search whitepaper</a>, our more recent set of tech tips related to <a href="https://www.eff.org/deeplinks/2016/11/digital-security-tips-for-protesters">encountering the police during protests</a>, and our very comprehensive guide to <a href="https://ssd.eff.org/en">Surveillance Self-Defense</a>.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Thu, 08 Dec 2016 23:35:35 +0000sophia94113 at https://www.eff.orgLegal AnalysisTravel ScreeningBorder SearchesPrivacyU.N. Joins Critique of Proposed CBP Social Media Questionshttps://www.eff.org/fr/deeplinks/2016/10/un-joins-critique-proposed-cbp-social-media-questions
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Having for years enforced a constitutionally offensive border search regime at physical borders and U.S. international airports, Customs and Border Protection (CBP) recently <a href="https://www.federalregister.gov/documents/2016/06/23/2016-14848/agency-information-collection-activities-arrival-and-departure-record-forms-i-94-and-i-94w-and">proposed to expand</a> its violations in <a href="https://www.eff.org/document/cbp-comments-final-aug-22-2016">troubling new ways</a> by prompting travelers from countries on the State Department’s Visa Waiver Program list to provide their “social media identifier.” Mounting criticism recently prompted the agency to commit to <a href="http://www.forbes.com/sites/emmawoollacott/2016/09/21/us-customs-denies-planning-to-force-foreign-visitors-to-share-social-media-details/#122b47262ca2">some useful limits</a>, but the proposal remains <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">flawed</a>.</p>
<p>
Recently joining the <a href="https://epic.org/2016/09/epic-opposes-dhs-plan-to-colle-1.html">ranks</a> of <a href="https://cdt.org/insight/coalition-letter-opposing-dhs-social-media-collection-proposal/">diverse critics</a> is the U.N. Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, who <a href="http://www.ohchr.org/Documents/Issues/Opinion/Legislation/USA_9_2016.pdf">wrote</a> to the U.S. Ambassador at the end of September.</p>
<p class="pull-quote">Many social media users share sensitive information online intended for friends and family that they would not share with their (or a foreign) government.</p>
<p>EFF submitted several sets of <a href="https://www.eff.org/document/cbp-comments-final-aug-22-2016">comments</a> expressing our concerns with the proposal, beginning during the <a href="https://www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan">initial</a> comment period. After CBP extended the original comment period until the end of September, the agency received <a href="https://www.regulations.gov/docketBrowser?rpp=50&amp;so=DESC&amp;sb=postedDate&amp;po=0&amp;dct=PS&amp;D=USCBP-2007-0102">comments</a> from <a href="https://www.accessnow.org/cms/assets/uploads/2016/08/Access-Now-Submission-to-CBP-Proposal.pdf">thousands</a> of users opposing its ill-considered and counter-productive policy. It issued a <a href="http://www.reginfo.gov/public/do/DownloadDocument?objectID=66405300">preliminary response</a> to those initial comments, to which we replied in a <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">follow up analysis</a> noting the proposal's continuing defects. We also joined <a href="https://cdt.org/insight/coalition-letter-opposing-dhs-social-media-collection-proposal/">coalition comments</a> compiled by the Center for Democracy &amp; Technology, as well as a <a href="https://www.brennancenter.org/analysis/civil-liberties-coalition-submits-comments-dhs-plan-collect-social-media-information">second set</a> of coalition comments organized by the Brennan Center for Justice in response to a DHS <a href="https://www.regulations.gov/document?D=DHS-2016-0054-0001">notice</a> required by the Privacy Act.</p>
<p><b>Violating international law</b></p>
<p>The international community has also grown outspoken. An important new voice joined the debate at the end of September, when David Kaye, the U.N. Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, <a href="http://www.ohchr.org/Documents/Issues/Opinion/Legislation/USA_9_2016.pdf">wrote to remind our government</a> that international law protects everyone’s “right to maintain an opinion without interference and to seek, receive and impart information and ideas of all kinds, regardless of frontiers,” in addition to “the right of individuals to be protected…against arbitrary…interference with their privacy and correspondence.”</p>
<p>Mr. Kaye’s letter also reiterates the <a href="https://necessaryandproportionate.org/principles">necessary and proportionate principles</a> developed in 2013 by a global coalition of civil society, privacy, and technology experts (including EFF) and endorsed by over 600 organizations and a quarter million individuals around the world. It goes on to challenge CBP’s proposal for half a dozen reasons, including the vagueness that has concerned EFF. In particular, Mr. Kaye notes that:</p>
<blockquote><p>It is unstated whether (and under what circumstances) officers may request additional information or access to private accounts. It is also unclear whether officers can request or persuade travelers who have left the data field blank to provide information, or whether they would be questioned about why they left the field blank.</p></blockquote>
<p>Of course, social media profiles can reveal an immense amount of personal details about an individual. Many social media users share sensitive information online intended for friends and family that they would not share with their (or a foreign) government.</p>
<p><b>Chilling speech and expression</b></p>
<p>Our allies at ACCESS NOW have <a href="http://www.forbes.com/sites/emmawoollacott/2016/09/21/us-customs-denies-planning-to-force-foreign-visitors-to-share-social-media-details/2/#142e3a9329be">noted</a> that “A person’s online identifiers are gateways into an enormous amount of their online expression and associations, which can reflect highly sensitive information about that person’s opinions, beliefs, identity, and community.” As my colleague <a href="https://www.eff.org/about/staff/sophia-cope">Sophia Cope</a> wrote <a href="https://www.eff.org/document/cbp-comments-final-aug-22-2016">in August</a>:</p>
<blockquote><p>[S]ocial media handles...can easily lead the government to information about [a traveler's] political leanings, religious affiliations, reading habits, purchase histories, dating preferences, and sexual orientations, among other things. Moreover, given the highly networked nature of social media, the government would also learn such personal details about travelers’ family members, friends, professional colleagues, and other innocent associates, many of whom may be U.S. citizens and/or residents with constitutional and statutory rights.</p></blockquote>
<p>Travelers accustomed to political repression in their own countries may, as the U.N. special rapporteur noted, inhibit their own expression to avoid scrutiny during anticipated future travel. So, too, will Americans: knowing that an international friend's decision to answer CBP’s proposed question could compromise our own opportunity for anonymous speech, as well as associations, many Americans—especially those familiar with <a href="http://www.freedomarchives.org/Cointel_Resources.html">our country’s history</a> of suppressing dissent—may rationally decide to limit their online speech to avoid controversial topics that might invite scrutiny.</p>
<p>Such constitutionally offensive chilling effects are <a href="https://www.washingtonpost.com/news/the-switch/wp/2016/03/28/mass-surveillance-silences-minority-opinions-according-to-study/">established</a> and <a href="https://theintercept.com/2016/04/28/new-study-shows-mass-surveillance-breeds-meekness-fear-and-self-censorship/">predictable</a> in the face of documented surveillance and even more likely given the <a href="https://www.aaup.org/AAUP/newsroom/prarchives/2011/ACLUjanlet.htm#.V_fzWZMrKRs">troubling history</a> of U.S. federal authorities excluding visitors for ideological reasons. CBP's proposal to ask visitors to disclose their social media handles undermines the Obama administration’s <a href="https://www.aaup.org/NR/rdonlyres/4BAAD8E1-8FD6-4D09-884C-9F8F21921E88/0/KohLetter.pdf">written commitment</a> to reverse this policy in order to allow Americans to hear diverse views.</p>
<p><b>Undermining the privacy of Americans</b></p>
<p>CBP and DHS formulated the proposed policy in the face of <a href="https://www.revealnews.org/article/homeland-security-office-oks-efforts-to-monitor-threats-via-social-media/">longstanding criticism</a> for their <a href="https://meehan.house.gov/media-center/press-releases/meehan-seeks-answers-on-dhs-web-social-media-monitoring">domestic programs</a> monitoring social media activity, to which executive officials have <a href="http://www.nextgov.com/cybersecurity/2016/02/dhs-sec-reaffirms-commitment-cybersecurity-upgrades-social-media-monitoring/125873/">recently re-committed</a> their agencies. Our <a href="https://www.brennancenter.org/analysis/civil-liberties-coalition-submits-comments-dhs-plan-collect-social-media-information">comments</a> joining the Brennan Center, in particular, highlight how CBP's current proposal would further impact the rights of Americans since the proposal would enable CBP to map relationships between visitors and their U.S. contacts and then share information gleaned from the social media profiles of those U.S. residents with other agencies potentially poised to monitor them.</p>
<p>Collecting data on the social media profiles of international travelers could also exacerbate longstanding domestic concerns in other ways.</p>
<p>Only two years ago, the Supreme Court held in <a href="http://www.scotusblog.com/case-files/cases/riley-v-california/"><i>Riley v. California</i></a> that cell phones are not subject to search incident to arrest absent a judicial warrant. In other words, even when an arrest is justified by probable cause that a person has committed a criminal offense, police must receive permission from a neutral arbiter, supported by a separate showing of probable cause, before searching the arrestee’s cell phone.</p>
<p>Yet at the border, DHS already violates the spirit of <em>Riley</em> in ways that this proposal could intensify. First, CBP has long claimed the power to <a href="http://www.constitutionproject.org/pdf/Border_Search_of_Electronic_Devices_0518_2011.pdf">search any electronic device</a> crossing a U.S. border—including those belonging to U.S. citizens—for any reason at all, even without the individual suspicion long <a href="https://www.oyez.org/cases/1967/67">required</a> to pat down a suspect within the U.S. or the the judicial warrant required by <em>Riley.<br /></em></p>
<p>Government lawyers who argued <em>Riley</em> conceded that the power to seize a phone from someone arrested within the U.S. did not justify accessing data—like social media profiles—stored in the cloud (<em>e.g.</em>, by tapping on the Facebook app). If, however, CBP collects social media information at U.S. borders from WVP travelers (and through them, their U.S. contacts) it could enable the government to do what in <em>Riley</em> it conceded it could not: access data about Americans stored in the cloud without first gaining a judicial warrant.</p>
<p>Put another way, learning the social media accounts of travelers would expand the government's reach beyond data already gathered from devices and could allow agencies to circumvent legal limits that protect the privacy of Americans within the U.S.</p>
<p><b>Limits acknowledging some concerns</b></p>
<p>Our <a href="https://www.eff.org/document/cbp-comments-final-aug-22-2016">original comments</a> expressed concern that CBP proposed to characterize as optional a question posed in an inherently coercive setting and invite travelers to reveal private and sensitive information by posing that question in a vague way.</p>
<p>Fortunately, CBP issued a <a href="http://www.forbes.com/sites/emmawoollacott/2016/09/21/us-customs-denies-planning-to-force-foreign-visitors-to-share-social-media-details/#5e792a992ca2">statement</a> repudiating a previous draft of its form on which its proposed question appeared as compulsory. The agency said it will make clear that “Providing this information will be voluntary. If an applicant chooses to not fill out or answer questions regarding social media, the ESTA application and I-94W can still be submitted.”</p>
<p>Its most recent statement also commits that "CBP will not violate any social media privacy settings in processing ESTA applications." This pledge is especially important given the agency's established practice of <a href="https://www.eff.org/press/archives/2008/05/01">arbitrarily seizing devices</a> at borders and airports, with which the government could conceivably not only access the known social media profiles of travelers but even potentially commandeer them.</p>
<p>On the one hand, we are proud of having helped compel CBP to accept reasonable limits.</p>
<p><b>Continuing constitutional defects</b></p>
<p>On the other hand, CBP's proposal remains flawed and continues to suffer from <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">constitutional defects</a>.</p>
<p>Sophisticated travelers may recognize that “information associated with your online presence” such as a “social media identifier” could be limited to a handle or pseudonym used to identify oneself on a particular social network. Some, however, may go further and provide multiple identifiers, or possibly even their passwords, enabling the government to potentially access private content. CBP should clarify how it will treat information provided by travelers and establish strict parameters to prevent misuse.</p>
<p>Morever, CBP <a href="https://www.eff.org/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles">admits</a> that it will share data collected through its new question with other agencies "that have a need to know the information to carry out their national security, law enforcement, immigration, or other homeland security functions." This fails to address the concerns that we and others—including the U.N. Special Rapporteur—have raised about the proposal's chilling effects on expression.</p>
<p>Not only will travelers potentially silence themselves in their home countries to avoid prompting scrutiny when traveling to the U.S., but CBP's proposal may lead Americans to seek fewer international relationships with contacts through whom our own information could be exposed. It could also lead other countries to reciprocally demand personally identifying information from Americans seeking to enter their countries, driving a race to the bottom.</p>
<p>Perhaps most dangerously, the proposal omits any indication of how social media profiles will be evaluated or the process through which a traveler could be identified as a security risk. These standards must be articulated in advance to limit individual discretion and prevent <a href="https://www.insidehighered.com/news/2009/07/20/ramadan">ideological profiling</a> of the sort that has long limited the rights of Americans to hear unpopular views.</p>
<p>Even after CBP recently articulated its limits, the proposal remains flawed. It undermines international law, individual rights, the rights of Americans both to hold and to hear unpopular views, and the Obama administration’s foreign policy to <a href="http://iipdigital.usembassy.gov/st/english/texttrans/2015/05/20150518315742.html">promote freedom of expression</a>.</p>
<p>Having filed our comments alongside thousands of other critics, we hope that concerns from both Americans and the international community will spur the administration to reject CBP’s speech-suppressing proposal. Concerned readers can <a href="https://act.eff.org/action/tell-congress-to-investigate-cbp-social-media-monitoring-e24821f7-a11a-4542-82e9-b9aac1d881e5">amplify our concerns</a> by prompting their congressional representatives—especially those on the <a href="https://www.hsgac.senate.gov/about">Senate</a> and <a href="https://homeland.house.gov/full_committee/">House</a> Homeland Security committees—to write their own letters seeking answers from DHS and CBP.</p>
</div></div></div>Wed, 19 Oct 2016 00:53:45 +0000shahid93500 at https://www.eff.orgCommentaryFree SpeechInternational Privacy StandardsPrivacyBorder SearchesSocial NetworksTravel ScreeningCBP Fails to Meaningfully Address Risks of Gathering Social Media Handleshttps://www.eff.org/fr/deeplinks/2016/09/cbp-fails-meaningfully-address-risks-gathering-social-media-handles
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Last month we submitted <a href="https://www.eff.org/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan">comments</a> to Customs and Border Protection (CBP), an agency within the U.S. Department of Homeland Security, opposing its <a href="http://www.reginfo.gov/public/do/PRAViewDocument?ref_nbr=201607-1651-003">proposal</a> to gather social media handles from foreign visitors from Visa Waiver Program (VWP) countries. CBP recently provided its <a href="http://www.reginfo.gov/public/do/DownloadDocument?objectID=66405300">preliminary responses</a> (“Supporting Statement”) to several of our arguments (CBP also extended the comment deadline to <a href="http://www.reginfo.gov/public/do/DownloadDocument?objectID=67731500">September 30</a>). But CBP has not adequately addressed the points we made.</p>
<p><strong>1)</strong> We argued that the proposal would be ineffective at protecting homeland security, because would-be terrorists seeking to enter the U.S. under the VWP are unlikely to voluntarily provide social media handles that link to incriminating posts that are publicly available. In its Supporting Statement, CBP said:</p>
<blockquote><p>Extensive research by DHS and our interagency partners has determined that these additional data elements will increase the ability to stop these travelers before they attempt to travel to the United States.</p>
<p>It may help detect potential threats because experience has shown that criminals and terrorists, whether intentionally or not, have provided previously unavailable information via social media that identified their true intentions.</p></blockquote>
<p>But CBP has not shared its purported “extensive research” or provided any details about its asserted “experience.”</p>
<p>Before adopting a new policy with significant privacy and free speech implications, a federal agency should provide the public with the evidence supporting the agency’s claims of efficacy. CBP has failed to do so here.</p>
<p><strong>2)</strong> We argued that the proposal would violate the privacy and freedom of speech of innocent travelers and their American associates. We also made the point that given the confusing wording of the proposed language (“Information associated with your online presence—Provider/Platform—Social media identifier”), travelers may over-share and turn over not just their handles, but also their passwords.</p>
<p>CBP said, “If an applicant chooses to answer this question, DHS will have timely visibility of the publicly available information on those platforms, consistent with the privacy settings the applicant has set on the platforms.”</p>
<p>Yet the agency notably did not say what the government would do if a traveler does provide log-in information that would enable access to private online content.</p>
<p><strong>3)</strong> In arguing that the proposal would violate privacy and freedom of speech, we also explained that the proposal is vague and overbroad because it contains no definitions or limitations as to what counts as a “social media identifier,” which may lead VWP visitors to share a variety of online accounts that reveal highly personal details about them.</p>
<p>CBP said, “A social media identifier is any name, or ‘handle’, used by the individual on platforms including, but not limited to, Facebook, Twitter, LinkedIn, and Instagram. Applicants are able to volunteer up to 10 identifiers.”</p>
<p>Yet the agency did not say that it would provide such explanatory text on the online ESTA application or paper I-94W form.</p>
<p><strong>4)</strong> In arguing that the proposal would violate privacy and freedom of speech, we expressed concern that the government might use the social media information it gathered in unknown and future non-travel contexts to the detriment of VWP travelers and their American associates.</p>
<p>CBP admitted that this will occur:</p>
<blockquote><p>ESTA information may be shared with other agencies that have a need to know the information to carry out their national security, law enforcement, immigration, or other homeland security functions.<i> </i>Any and all information sharing with agencies outside DHS will abide by existing memoranda of understanding between the agencies and be consistent with applicable statutory and regulatory requirements.</p></blockquote>
<p>This exacerbates the chilling effect we discussed in our comments. Innocent VWP travelers may engage in self-censorship and cut back on their social media activity—even in their home countries—out of fear of being misjudged by the U.S. government, or of putting their friends and loved ones at risk.</p>
<p><strong>5)</strong> We argued that the proposal would have constitutional implications for the American associates of VWP visitors, or for American travelers themselves if the program were extended to request their social media handles or include invasive searches at the border of mobile devices and “apps” or other means of accessing cloud content.</p>
<p>In response to constitutional concerns, CBP merely listed a statute and regulation and said, “These authorities apply to the collection of social media identifiers.”</p>
<p>The agency failed to acknowledge that the Constitution has supremacy over any legislative rule.</p>
<p><strong>6)</strong> We argued that the proposal would spur other countries to demand the same information from American travelers, which would put Americans at risk overseas.</p>
<p>CBP said, “All sovereign countries are within their authority to impose travel regulations and entry requirements. DHS does not dictate the rules and regulations of other countries. DHS has added additional fields to the ESTA application over the last two years and has not seen other countries reciprocate in the questions asked to U.S. visitors.”</p>
<p>Yet the agency failed to recognize that seeking social media handles, including from people who have legitimate reasons for being pseudonymous online yet publicly vocal, is particularly intrusive and so may incite certain foreign governments to demand the same information from American travelers.</p>
<p><strong>7)</strong> We argued that the proposal contains no standards by which CBP would evaluate public social media posts, to ensure that posts would not be taken out of context and innocent individuals would not be misjudged.</p>
<p>CBP said, “Highly trained CBP personnel will independently research publicly available social media information and will be able to recognize factors such as context. CBP will make case-by-case determinations based on the totality of the circumstances.”</p>
<p>Yet this provides little guidance for the public or even the government agents tasked with evaluating social media posts. CBP did not address our specific concern about ideological exclusion, where someone such as an academic may not pose a security risk but has views critical of American foreign policy.</p>
<p>As we said in our comments, we do not doubt that CBP and DHS are sincerely motivated to protect homeland security. However, the proposal to collect social media handles has serious flaws—and the government has failed to adequately address them.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Wed, 14 Sep 2016 21:08:35 +0000sophia92987 at https://www.eff.orgPolicy AnalysisFree SpeechPrivacyBorder SearchesSocial NetworksTravel ScreeningU.S. Customs and Border Protection Wants to Know Who You Are on Twitter—But It’s a Flawed Planhttps://www.eff.org/fr/deeplinks/2016/08/us-customs-and-border-protection-wants-know-who-you-are-twitter-its-flawed-plan
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>UPDATE: The Office of Management and Budget (OMB) approved CBP's proposal to collect the social media handles of visitors from Visa Waiver Countries in <a href="https://www.reginfo.gov/public/do/PRAViewICR?ref_nbr=201607-1651-003">December 2016</a>. The question is on the online <a href="https://esta.cbp.dhs.gov/esta/">ESTA form</a> and looks like this:</em></p>
<p><img src="/files/2017/01/23/social_media_grab.png" alt="" height="104" width="638" /></p>
<p>U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers’ privacy, and would have a wide-ranging impact on freedom of expression—all while doing little or nothing to protect Americans from terrorism.</p>
<p>Customs and Border Protection, an agency within the Department of Homeland Security, has <a href="https://federalregister.gov/a/2016-14848">proposed</a> collecting social media handles from visitors to the United States from <a href="https://travel.state.gov/content/visas/en/visit/visa-waiver-program.html">visa waiver countries</a>. EFF submitted comments both <a href="https://www.eff.org/document/cbp-comments-final-aug-22-2016">individually</a> and as part of a <a href="https://cdt.org/insight/coalition-letter-opposing-dhs-social-media-collection-proposal/">larger coalition</a> opposing the proposal.</p>
<p>CBP specifically seeks “information associated with your online presence—Provider/Platform—Social media identifier” in order to provide DHS “greater clarity and visibility to possible nefarious activity and connections” for “vetting purposes.”</p>
<p>In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism.</p>
<p>But this plan would be more than just ineffective. It’s vague and overbroad, and would unfairly violate the privacy of innocent travelers. Sharing your social media account information often means sharing political leanings, religious affiliations, reading habits, purchase histories, dating preferences, and sexual orientations, among many other personal details.</p>
<p>Or, unwilling to reveal such intimate information to CBP, many innocent travelers would engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government. After all, it’s not hard to imagine some public social media posts being taken out of context or misunderstood by the government. In the face of this uncertainty, some may forgo visiting the U.S. altogether.</p>
<p>The proposed program would be voluntary, and for international visitors. But we are worried about a slippery slope, where CBP could require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive <i>device</i> searches at ports of entry with the intent of easily accessing <i>any and all </i>cloud data.</p>
<p>This would burden constitutional rights under the First and Fourth Amendments. CBP already started a social media monitoring program in 2010, and in 2009 issued a broad policy authorizing <a href="https://www.dhs.gov/sites/default/files/publications/privacy_pia_cbp_laptop.pdf">border searches of digital devices</a>. We oppose CBP further invading the private lives of innocent travelers, including Americans.<b> </b></p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/united-states-v-saboonchi">United States v. Saboonchi</a></div></div></div>Mon, 22 Aug 2016 18:46:49 +0000sophia92724 at https://www.eff.orgPolicy AnalysisFree SpeechPrivacyBorder SearchesSocial NetworksTravel ScreeningEFF Urges Appeals Court To Toughen Privacy Protections for Devices at the Borderhttps://www.eff.org/fr/press/releases/eff-urges-appeals-court-toughen-privacy-protections-devices-border
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Warrants Should Be Required to Search Cell Phones, Computers </div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal">Richmond, Virginia—The Electronic Frontier Foundation (EFF) is urging a federal appeals court to rule that government agents need a warrant to search cell phones, computers, and other personal electronic devices at the border.</p>
<p class="MsoNormal">In an <a target="_blank" href="https://www.eff.org/document/eff-saboonchi-amicus-brief"><i>amicus</i> brief</a> filed today in the United States Court of Appeals for the Fourth Circuit, EFF said that digital devices hold the most intimate details of our personal and professional lives—from conversations with friends and coworkers, to our financial information, and photos and videos of our family. This highly sensitive and personal information, stored on the devices themselves or on computer servers located miles away, can be accessed in just a few clicks, putting electronic devices in a totally different category than the suitcases, backpacks or wallets we travel with.</p>
<p class="MsoNormal">''Anyone coming back into the country from vacation or a business trip can have his or her smartphone, laptop, or tablet seized, and emails, texts, photos, videos, and voicemails rifled through and retained, without a warrant or any suspicion that a crime has been committed,’’ said EFF Staff Attorney Sophia Cope. “This violates Fourth Amendment protections against unreasonable searches and seizures. The Supreme Court recognized last year in <a href="https://www.eff.org/cases/supreme-court-cases-cell-phone-searches"><i>Riley v. California</i> </a>that modern digital devices contain unprecedented amounts of highly personal information and ruled that police need a warrant to search devices found on people they arrest.<span> </span>The same standard should apply when border agents want to search devices we carry with us while traveling.’’</p>
<p class="MsoNormal">EFF is weighing in on the Maryland case of <a target="_blank" href="https://www.eff.org/cases/united-states-v-saboonchi"><i>U.S. v. Saboonchi</i></a>, which involves evidence taken without a warrant from cell phones and a flash drive belonging to an Iranian-American U.S. citizen returning from vacation at Niagara Falls. <span></span>Law enforcement officials used information found on the devices—which could hold the equivalent of dozens of suitcases worth of documents—to charge him with violating export control laws.</p>
<p class="MsoNormal">EFF’s brief explains that the Fourth Amendment’s border search exception allows warrantless searches at the U.S. border only for the purposes of enforcing immigration and customs laws.<span> </span>That means agents may check travelers’ passport and immigration documents, and search luggage for physical contraband like drugs or items subject to import duties.</p>
<p class="MsoNormal">''Searches conducted for the purpose of ordinary criminal law enforcement aren’t covered by the border search exception,’’ said EFF Senior Staff Attorney Hanni Fakhoury.<span> </span>“The border search exception is not meant to be a loophole for law enforcement to obtain troves of personal information without a warrant.’’</p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Sophia</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Cope</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:sophia@eff.org">sophia@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Thu, 10 Sep 2015 17:40:16 +0000karen87729 at https://www.eff.orgOscar and Pulitzer Award-Winning Journalist Laura Poitras Sues U.S. Government To Uncover Records After Years of Airport Detentions and Searcheshttps://www.eff.org/fr/press/releases/oscar-and-pulitzer-award-winning-journalist-laura-poitras-sues-us-government-uncove-0
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Poitras, Filmmaker Behind Snowden Documentary CITIZENFOUR, Searched and Questioned Every Time She Entered U.S. From 2006 to 2012</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="MsoNormal"><span>Washington, D.C. ­– Academy and </span>Pulitzer<span> Prize Award-winning documentary filmmaker <a target="_blank" href="https://firstlook.org/theintercept/staff/laura-poitras/">Laura Poitras</a> sued the Department of Justice (DOJ) and U.S. transportation security agencies today demanding they release records documenting a six-year period in which she was searched, questioned, and often subjected to hours-long security screenings at U.S. and overseas airports on more than 50 occasions. The Electronic Frontier Foundation (EFF) is representing Poitras in a Freedom of Information Act (FOIA) lawsuit against the Department of Homeland Security, DOJ, and the Office of the Director of National Intelligence.</span></p>
<p class="MsoNormal"><span><span></span>“I’m filing this lawsuit because the government uses the U.S. border to bypass the rule of law,” said Poitras. “This simply should not be tolerated in a democracy. I am also filing this suit in support of the countless other less high-profile people who have also been subjected to years of Kafkaesque harassment at the borders. We have a right to know how this system works and why we are targeted.”</span></p>
<p class="MsoNormal"><span>Poitras is a professional journalist who won an Academy Award this year for her documentary film “<a target="_blank" href="http://www.praxisfilms.org/films/citizenfour">CITIZENFOUR</a>” about NSA whistleblower Edward Snowden, shared in the 2014 </span>Pulitzer<span> for Public Service for NSA reporting, and is a recipient of a <a target="_blank" href="http://www.macfound.org/fellows/874/">MacArthur Foundation “genius” grant</a>. During frequent travel from 2006 to 2012 for work on her documentary films, Poitras was detained at the U.S. border every time she entered the country.</span></p>
<p class="MsoNormal"><span><span></span>During these detentions, she was told by airport security agents that she had a criminal record (even though she does not), that her name appeared on a national security threat database, and, on one occasion, that she was on the U.S. government’s No Fly List. She’s had her laptop, camera, mobile phone, and reporter notebooks seized and their contents copied, and was once threatened with handcuffing for taking notes during her detention after border agents said her pen could be used as a weapon. The searches were conducted without a warrant and often without explanation, and no charges have ever been brought against Poitras.</span></p>
<p class="MsoNormal"><span>After years of targeting by security agents, Poitras last year filed FOIA requests for records naming or relating to her, including case files, surveillance records, and counterterrorism documents. But the agencies have either said they have no records, denying or ignoring her appeals for further searches, or haven’t responded at all to her requests. For example, the FBI, after not responding to Poitras’ FOIA request for a year, said in May it had located only six pages relevant to the request—and that it was withholding all six pages because of grand jury secrecy rules.</span></p>
<p class="MsoNormal"><span>“The government used its power to detain people at airports, in the name of national security, to target a journalist whose work has focused on the effects of the U.S. war on terror,” said David Sobel, EFF senior counsel. “In refusing to respond to Poitras’ FOIA requests and wrongfully withholding the documents about her it has located, the government is flouting its responsibility to explain and defend why it subjected a law-abiding citizen—whose work has shone a light on post-9/11 military and intelligence activities—to interrogations and searches every time she entered her country.”</span><span><span> </span></span><span></span></p>
<p class="MsoNormal"><span>The detentions ended in 2012 after journalist Glenn Greenwald published <a target="_blank" href="http://www.salon.com/2012/04/08/u_s_filmmaker_repeatedly_detained_at_border/">an article </a>about Poitras’ experiences and a group of documentary filmmakers submitted a <a target="_blank" href="https://deadline.com/2012/04/documentary-directors-protest-homeland-security-treatment-of-helmer-laura-poitras-254291/">petition</a> to DHS protesting her treatment. </span></p>
<p class="MsoNormal"><span>“We are suing the government to force it to disclose any records that would </span>show why security officials targeted Poitras for six years, even though she had no criminal record and there was no indication that she posed any security risk<span>,” said Jamie Lee Williams, an EFF attorney and the organization’s Frank Stanton Legal Fellow. “By spurning Poitras’ FOIA requests, the government leaves the impression that her detentions were a form of retaliation and harassment of a journalist whose work has focused on U.S. policy in the post-9/11 world.”</span></p>
<p class="MsoNormal"><span>Poitras’ documentary films include the 2006 Oscar-nominated “<a target="_blank" href="http://www.praxisfilms.org/films/my-country-my-country">My Country, My Country</a>”­—a story about the Iraq war told through an Iraqi doctor and political candidate in Baghdad who was an outspoken critic of U.S. occupation. Poitras also directed and produced the Emmy-nominated “<a target="_blank" href="http://www.praxisfilms.org/films/the-oath">The Oath</a>,” a 2010 documentary film about Guantanamo Bay prison and the interrogation of Osama bin Laden’s former bodyguard days after 9/11. Poitras’ latest film, “CITIZENFOUR,” about Snowden and NSA mass surveillance, </span><span>earned her a Director’s Guild of America Award and an Oscar. </span><span></span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal">For the full complaint:<br /><a target="_blank" href="https://www.eff.org/document/poitras-foia-complaint">https://www.eff.org/document/poitras-foia-complaint</a></p>
<p><br /><span></span></p>
</div></div></div><div class="field field--name-field-contact field--type-node-reference field--label-above"><div class="field__label">Contact:&nbsp;</div><div class="field__items"><div class="field__item even"><div class="ds-1col node node--profile node--promoted view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">David</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Sobel</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Senior Counsel</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:sobel@eff.org">sobel@eff.org</a></div></div></div> </div>
</div>
</div><div class="field__item odd"><div class="ds-1col node node--profile view-mode-node_embed node--node-embed node--profile--node-embed clearfix">
<div class="">
<div class="field field--name-field-profile-first-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Jamie Lee</div></div></div><div class="field field--name-field-profile-last-name field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Williams</div></div></div><div class="field field--name-field-profile-title field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Staff Attorney</div></div></div><div class="field field--name-field-profile-email field--type-email field--label-hidden"><div class="field__items"><div class="field__item even"><a href="mailto:jamie@eff.org">jamie@eff.org</a></div></div></div> </div>
</div>
</div></div></div>Mon, 13 Jul 2015 16:33:52 +0000karen86865 at https://www.eff.orgDefending Privacy at the Israeli Border: Information for Travelers Carrying Digital Devices https://www.eff.org/fr/deeplinks/2012/06/defending-privacy-israeli-border-information-travelers-carrying-digital-devices
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>As we’ve <a href="https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices">acknowledged before</a>, our lives are increasingly contained on our digital devices, which makes travel—and the decisions we make about what to carry with us—increasingly complicated. </p>
<p>A recent case in which two young travelers to Israel were requested not simply to provide their laptops for arbitrary searches, but to <a href="http://www.huffingtonpost.com/2012/06/04/israel-airport-email-search_n_1569163.html">log in to their e-mail accounts and allow Israeli officials to search through their e-mail</a> for specific strings and correspondence highlights the increasing obstacles to privacy that travelers face, as well as the increasingly global nature of security theatre.</p>
<p>In that particular case, the two young women—both of Palestinian origin—complied with officials’ requests but were nonetheless detained overnight before being deported. In another, similar case, a U.S. citizen who refused access to her email was told she was probably hiding something and was refused entry to the country. Israeli security (Shin Bet) told a <a href="http://www.haaretz.com/news/diplomacy-defense/israel-airport-security-demands-access-to-tourists-private-email-accounts.premium-1.434509">reporter</a> that “the actions taken by the agents during questioning were within the organization's authority according to Israeli law.”</p>
<p>Not unlike travelers to the U.S., travelers to Israel face serious privacy challenges at the border. The government generally has broad authority to search through your personal possessions, including your laptop, for any reason at all. When you cross the border to Israel, the Israeli government retains the authority to question you and examine your belongings, which it interprets as also allowing it to go through your electronic devices and computer files. More recently, authorities have also been known to <a href="http://mondoweiss.net/2012/06/do-you-feel-more-arab-or-more-american-two-arab-american-womens-story-of-being-detained-and-interrogated-at-ben-gurion.html">demand user passwords to online accounts</a>.</p>
<p>As we state in our guide to U.S. border searches:</p>
<blockquote><p>For doctors, lawyers, and many business professionals, these border searches can compromise the privacy of sensitive professional information, including trade secrets, attorney-client and doctor-patient communications, research and business strategies, some of which a traveler has legal and contractual obligations to protect. For the rest of us, searches that can reach our personal correspondence, health information, and financial records are reasonably viewed as an affront to privacy and dignity and inconsistent with the values of a free society.</p></blockquote>
<p>EFF recently asked <a href="http://2jk.org/english/">Jonathan Klinger</a>, an Israeli attorney, for his thoughts on the law and government practices that apply to searches at the Israeli border, and here is his analysis.</p>
<p><b><i>The Situation at the Israeli Border</i></b></p>
<p>At the Israeli border, there are some limited legal protections against the search itself. Based on a collection of experiences, however, it seems that mentioning these protections to border officials can be considered antagonism, and can limit your ability to enter Israel. Those concerned about the security and privacy of the information on their devices at the border should therefore use technological measures in an effort to protect their data. They can also choose not to take private data across the border with them at all, and then use technical measures to retrieve it from abroad.</p>
<p>There is, however, little to prevent a scenario in which one’s email is searched, as refusal to allow the search may result in deportation. With that in mind, concerned travelers should think ahead and review their online accounts before traveling.</p>
<p><b><i>Why Can My Devices Be Searched at the Border?</i></b></p>
<p>Article 7 of Israel's Basic Statute of Human Dignity and Freedom<a class="see-footnote" id="footnoteref1_1ehgmmx" title="http://www.nevo.co.il/law_html/law01/184_001.htm" href="#footnote1_1ehgmmx">1</a> states that every person is entitled to his privacy, and that his property may not be searched, apart from where it is required under legal authority. This <i>generally </i>means that the government has to show probable cause that a crime has been committed and get a warrant before it can search a location or item in which you have a reasonable expectation of privacy; moreover, a recent Supreme Court ruling stated that there is no such thing called <i>consensual search,</i><a class="see-footnote" id="footnoteref2_n8mup4n" title="RCA 10141/09 Abraham Ben-Haim v. State, http://elyon1.court.gov.il/files/09/410/101/n10/09101410.n10.htm" href="#footnote2_n8mup4n">2</a> and where there is no probable cause, the state cannot rely on a person's consent in order to search in his possessions. But searches at places where people enter or leave Israel are subject to different statutes. The two applicable statutes are the Aviation Act (Security in Civil Aviation), 1977<span><a class="see-footnote" id="footnoteref3_5ubmpzb" title="http://www.nevo.co.il/Law_html/law01/162_037.htm" href="#footnote3_5ubmpzb">3</a></span>and the General Security Service Act, 2002<span><a class="see-footnote" id="footnoteref4_glwwpz2" title="http://www.nevo.co.il/Law_html/law01/p220k4_001.htm" href="#footnote4_glwwpz2">4</a></span>; the two acts altogether provide two different state authorities the right to search on a person's body and in his property. However, they do not refer to computer searches at all.</p>
<p>The Aviation Act allows security personnel, police officers, soldiers and members of the civil defense forces to search at border crossings if <i>“the search is required, in [the officer's] opinion, to keep the public's safety or if he suspects that the person unlawfully carries weapons or explosives, or that the vehicle, the plane or the goods has weapons or explosives.</i>”</p>
<p>Similarly, the General Security Service Act states that in order to prevent unlawful activities, secure persons or any other activity that the government authorized with the approval of the Knesset committee for the Shin Bet<span><a class="see-footnote" id="footnoteref5_cwq42za" title="The Shin Bet is Israel’s internal security service." href="#footnote5_cwq42za">5</a> to perform, any employee of the Shin Bet (the service) may search a person's body, property, baggage or other goods and collect information, as long as the person is present.</span></p>
<p>Only in extreme cases, where there is an object that needs to be seized for a vital role in the Shin Bet's activity, can the Shin Bet also search without a person's presence.</p>
<p>However, nothing in these acts authorizes computer searches. Recently, the Israeli Justice office proposed a new anti-terror bill,<a class="see-footnote" id="footnoteref6_dcxq0ac" title="http://www.justice.gov.il/NR/rdonlyres/77CD3245-3A1D-4F8E-AA54-5D8C25344888/29272/611.pdf" href="#footnote6_dcxq0ac">6</a> which is yet to pass through the legislative process. This Anti-Terror bill does request to correct the current General Security Service act to specifically state that computers may be searched.</p>
<p><b><i>How the Government Searches Devices at the Border</i></b></p>
<p>There are three government agencies primarily responsible for inspecting travelers and items entering Israel: the General Security Service (Shin Bet), The Customs Authority and the Immigration authority.</p>
<p>The law gives the Shin Bet and other officials a great deal of discretion to inspect items coming into the country. There is no official policy published in respect to border search of electronic devices and accounts. And when recently requested to comment, the Shin Bet <a href="http://news.walla.co.il/?w=/90/2539014">stated</a> that its acts are “according to law.”</p>
<p>Recently, the Israeli Foreign Ministry admitted that it <a href="http://www.haaretz.co.il/captain/net/1.1180083">used Facebook</a> in order to create a blacklist of activists who were then—<a href="http://www.haaretz.com/news/diplomacy-defense/israeli-official-40-of-names-on-shin-bet-fly-in-blacklist-were-not-activists-1.424470">along with a number of uninvolved and mistakenly identified individuals</a>—banned entry to the country amidst the Flytilla events. If you are active on one or more social networks and express opinions about Israel, you carry a greater risk of being profiled and selected for search.</p>
<p>Keep in mind that the Shin Bet can keep your computer or copies of your data for “<i>the time required for the seizure.”</i> There is no specific consideration regarding forensic practices and the ways that your computer files may be copied during the seizure. This is unlike the Israeli Criminal Procedure Order (Arrest and Search), 1969,<a class="see-footnote" id="footnoteref7_p5pkpqx" title="http://www.nevo.co.il/Law_html/law01/055_128.htm" href="#footnote7_p5pkpqx">7</a> which deals specifically with the forensic procedures of copying computer materials and requires two witnesses for any file duplication.</p>
<p>The Israeli Customs Authority, under Article 184,<a class="see-footnote" id="footnoteref8_7gzcrkz" title="http://www.nevo.co.il/law_html/law01/265_001.htm#Seif200" href="#footnote8_7gzcrkz">8</a> allows any customs official to search every person for contraband or drugs given probable cause. Moreover, the customs official may also request urine, blood or saliva samples and request persons to undress. However, nothing in the law allows them to search through computer materials.</p>
<p>In short, border agents have a lot of latitude to search electronic devices at the border or take them elsewhere for further inspection for a short period of time, whether or not they suspect a traveler has done anything wrong.</p>
<p>We do not have the exact numbers or methods of how such searches are handled, and the Shin Bet is exempt from the Israeli Freedom of Information Act.<a class="see-footnote" id="footnoteref9_80qaw85" title="http://www.nevo.co.il/law_html/law01/144M1_001.htm" href="#footnote9_80qaw85">9</a>;However, the frequency of technology-oriented searches at the border may increase in the future. Researchers and vendors are creating tools to make forensic analysis faster and more effective, and, over time, forensic analysis will require less skill and training. Law enforcement agencies may be tempted to use these tools more often and in more circumstances as their use becomes easier.</p>
<p>Travelers should consider taking the same precautions outlined in <a href="https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices">EFF’s guide to carrying digital devices across the United States border</a>.</p>
<p> </p>
<ul class="footnotes"><li class="footnote" id="footnote1_1ehgmmx"><a class="footnote-label" href="#footnoteref1_1ehgmmx">1.</a> <a href="http://www.nevo.co.il/law_html/law01/184_001.htm">http://www.nevo.co.il/law_html/law01/184_001.htm</a></li>
<li class="footnote" id="footnote2_n8mup4n"><a class="footnote-label" href="#footnoteref2_n8mup4n">2.</a> RCA 10141/09 Abraham Ben-Haim v. State, <a href="http://elyon1.court.gov.il/files/09/410/101/n10/09101410.n10.htm">http://elyon1.court.gov.il/files/09/410/101/n10/09101410.n10.htm</a></li>
<li class="footnote" id="footnote3_5ubmpzb"><a class="footnote-label" href="#footnoteref3_5ubmpzb">3.</a> <a href="http://www.nevo.co.il/Law_html/law01/162_037.htm">http://www.nevo.co.il/Law_html/law01/162_037.htm</a><span></span></li>
<li class="footnote" id="footnote4_glwwpz2"><a class="footnote-label" href="#footnoteref4_glwwpz2">4.</a> <a href="http://www.nevo.co.il/Law_html/law01/p220k4_001.htm">http://www.nevo.co.il/Law_html/law01/p220k4_001.htm</a><span></span></li>
<li class="footnote" id="footnote5_cwq42za"><a class="footnote-label" href="#footnoteref5_cwq42za">5.</a> The Shin Bet is Israel’s internal security service.</li>
<li class="footnote" id="footnote6_dcxq0ac"><a class="footnote-label" href="#footnoteref6_dcxq0ac">6.</a> <a href="http://www.justice.gov.il/NR/rdonlyres/77CD3245-3A1D-4F8E-AA54-5D8C25344888/29272/611.pdf">http://www.justice.gov.il/NR/rdonlyres/77CD3245-3A1D-4F8E-AA54-5D8C25344888/29272/611.pdf</a></li>
<li class="footnote" id="footnote7_p5pkpqx"><a class="footnote-label" href="#footnoteref7_p5pkpqx">7.</a> <a href="http://www.nevo.co.il/Law_html/law01/055_128.htm">http://www.nevo.co.il/Law_html/law01/055_128.htm</a></li>
<li class="footnote" id="footnote8_7gzcrkz"><a class="footnote-label" href="#footnoteref8_7gzcrkz">8.</a> <a href="http://www.nevo.co.il/law_html/law01/265_001.htm#Seif200">http://www.nevo.co.il/law_html/law01/265_001.htm#Seif200</a></li>
<li class="footnote" id="footnote9_80qaw85"><a class="footnote-label" href="#footnoteref9_80qaw85">9.</a> <a href="http://www.nevo.co.il/law_html/law01/144M1_001.htm">http://www.nevo.co.il/law_html/law01/144M1_001.htm</a></li>
</ul></div></div></div>Mon, 25 Jun 2012 17:51:59 +0000jillian71062 at https://www.eff.orgCommentaryInternationalPrivacyTravel ScreeningAppellate Court to Rehear Expansive Border Search Casehttps://www.eff.org/fr/deeplinks/2012/03/appellate-court-rehear-expansive-border-search-case
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>When it comes to the government's ability to search your electronic devices at the border, we've always maintained that the border is not an <a href="https://www.eff.org/deeplinks/2011/09/eff-appeals-court-border-not-anything-goes">"anything goes"</a> zone, and that the Fourth Amendment doesn't allow the government to search whatever it wants for any (or no) reason at all. And this week, the Ninth Circuit Court of Appeals agreed to rehear a case that gave the government carte blanche to search through electronic devices at the border.</p>
<p>In September 2011, EFF and the <a href="http://www.nacdl.org/">National Association of Criminal Defense Lawyers</a> filed an <a href="https://www.eff.org/files/FiledCottermanAmicusBrief_0.pdf">amicus brief</a> (PDF) before the Ninth Circuit, asking it to rehear its decision in <em><a href="http://www.ca9.uscourts.gov/datastore/opinions/2011/03/30/09-10139.pdf">United States v. Cotterman</a> </em>(PDF), which dramatically expanded the "border search" doctrine that generally allows law enforcement to search a person coming across the international border without a warrant or any suspicion of wrong doing. <em>Cotterman </em>involved a man who attempted to cross into the United States from Mexico at the Arizona border. Customs agents kept him at the border for 8 hours without suspecting him of carrying anything illegal. They seized two laptops and a digital camera without a search warrant, and transported them 170 miles to Tuscon. Still without a search warrant, they searched the hard drives and computers for two days, until they found child pornography on the computers and arrested Cotterman. A three judge panel of the Ninth Circuit found the warrantless search reasonable under the Fourth Amendment as a "border search," despite the fact the search took place far from the actual border. Our amicus brief echoed the warning of dissenting judge Betty Fletcher, who wrote that the majority's decision “gives the Government a free pass to copy, review, categorize, and even read all of that information in the hope that it will find some evidence of any crime.”</p>
<p>On Monday, the entire court took our (and Judge Fletcher's) warning into account and agreed to <a href="http://www.ca9.uscourts.gov/datastore/opinions/2012/03/19/0910139ebo.pdf">rehear the case</a> (PDF). In reconsidering the case and the implications it has for all international travelers coming into the United States, we're hopeful the court will get it right this time, and find such a dangerous expansion of the "border search" doctrine unreasonable under the Fourth Amendment. And while waiting for the court's decision, international travellers entering the United States should check out our guide for protecting your electronics during international travel, "<a href="https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices">Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices</a>."</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/us-v-arnold">US v. Arnold</a></div></div></div>Wed, 21 Mar 2012 22:55:15 +0000hanni70070 at https://www.eff.orgAnnouncementPrivacyTravel ScreeningNew Year's Resolution: Full Disk Encryption on Every Computer You Ownhttps://www.eff.org/fr/deeplinks/2011/12/newyears-resolution-full-disk-encryption-every-computer-you-own
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The New Year is upon us, and you might be partaking in the tradition of making a resolution for the coming year. This year, why not make a resolution to protect your data privacy with one of the most powerful tools available? Commit to <em>full disk encryption</em> on each of your computers.</p>
<p>Many of us now have private information on our computers: personal records, business data, e-mails, web history, or information we have about our friends, family, or colleagues. Encryption is a great way to ensure that your data will remain safe when you travel or if your laptop is lost or stolen. Best of all, it's free. So don't put off taking security steps that can help protect your private data. Join EFF in resolving to encrypt your disks 2012.</p>
<p>Here's some basic info about full disk encryption. You can read this and much more (including information on password security) in our <a href="https://www.eff.org/document/defending-privacy-us-border-guide-travelers-carrying-digital-devices">recent whitepaper</a> on protecting privacy at the border.</p>
<p>Full disk encryption uses mathematical techniques to scramble data so it is unintelligible without the right key. This mathematical protection works independently of the policies configured in the operating system software. A different operating system or computer cannot just decide to allow access, because no computer or software can make any sense of the data without access to the right key.</p>
<p>Without encryption, forensic software can easily be used to bypass an account password and read all the files on your computer.</p>
<p>Fortunately, modern computer systems come with comparatively easy full-disk encryption tools that let you encrypt the contents of your hard drive with a passphrase that will be required when you start your computer. Using these tools is the most fundamental security precaution for computer users who have confidential information on their hard drives and are concerned about losing control over their computers — not just at a border crossing, but at any moment during a trip when a computer could be lost or stolen.<strong></strong></p>
<p><strong>Choosing a Disk Encryption Tool</strong></p>
<p>Choosing encryption tools is sometimes challenging because there are so many options available. For the best security, choose a full-disk encryption tool that encrypts everything on your computer rather than a file-encryption tool that encrypts individual files separately. This may need to be set up at the time your operating system is first installed. Every major operating system now comes with encryption options.</p>
<ul><li><a href="https://en.wikipedia.org/wiki/BitLocker_Drive_Encryption">Microsoft BitLocker</a> in its most secure mode is the gold standard because it protects against more attack modes than other software. Unfortunately, Microsoft has only made it available with certain versions of Microsoft Windows.</li>
<li><a href="http://www.truecrypt.org/">TrueCrypt</a> has the most cross-platform compatibility.</li>
<li>Mac OS X and most Linux distributions have their own full-disk encryption software built in.</li>
</ul><p>For more detailed information about the advantages and disadvantages of various tools, check out this <a href="https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software">Wikipedia article</a> comparing full-disk encryption software.</p>
<p><strong>Make a Strong Passphrase and Don't Lose It</strong></p>
<p>Full-disk encryption is most effective if you make a strong passphrase using a technique like <a href="http://www.diceware.com/">Diceware</a>. This or other modern passphrase-making techniques can produce a strong but memorable passphrase.</p>
<p>Remember that access to your data is dependent on having access to your passphrase. By design, if you lose it, your computer and data will be completely unusable. So, <strong>make sure your passphrase won't be lost</strong>! For many people, this could involve writing it down and keeping a copy someplace different from where you keep your computer. (You can combine your encryption resolution with a resolution to make regular backups, if you're not already doing so. And you can also choose to encrypt your backups.)</p>
<p>Full disk encryption is one of the most important steps you can take to protect the privacy of your data. If you haven't done it yet, <strong>resolve to encrypt in 2012.</strong></p>
<p>Read our whitepaper on Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices:<br /><a href="https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices">https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices</a></p>
<p>Take the border privacy quiz:<br /><a href="https://www.eff.org/pages/border-search-quiz">https://www.eff.org/pages/border-search-quiz</a></p>
<p>Sign the petition calling on DHS to publish clear standards of handling sensitive data collected at the border:<br /><a href="https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8341">https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8341</a></p>
</div></div></div>Sat, 31 Dec 2011 20:47:03 +0000rainey68049 at https://www.eff.orgCall To ActionPrivacyTravel ScreeningSecurityEFF To Appeals Court: Border Is Not An “Anything Goes” Zonehttps://www.eff.org/fr/deeplinks/2011/09/eff-appeals-court-border-not-anything-goes
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF has <a href="https://www.eff.org/deeplinks/2008/05/border-search-answers">long been committed</a> to helping international travelers <a href="https://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t">protect their electronic devices and digital data</a> at the U.S. border. We're continuing to push for some legal limits on the government’s sweeping authority to search electronic devices at the border with an amicus brief we recently filed along with the <a href="http://www.nacdl.org/public.nsf/freeform/publicwelcome?opendocument">National Association of Criminal Defense Lawyers</a> (NACDL), urging the Ninth Circuit Court of Appeals to rehear and reverse its disturbing decision in <a href="http://www.ca9.uscourts.gov/datastore/opinions/2011/03/30/09-10139.pdf">United States v. Cotterman</a> (pdf).</p>
<p>Cotterman was coming into the United States from Mexico at the Lukeville Port of Entry in Arizona. Without suspecting he was carrying anything illegal, customs officers detained him at the border for 8 hours before letting him enter the country. The agents confiscated two laptops and a digital camera, and took them 170 miles away to Tucson for forensic examination. The next day, without a warrant or any suspicion that the electronic devices contained anything illegal, agents imaged three hard drives on the computers and reviewed pictures on the digital camera. After two days of forensic examination, the agents ultimately found child pornography on the computers.</p>
<p>The appellate court found the three-day search and seizure reasonable under the Fourth Amendment, despite the absence of any individual suspicion of wrongdoing or a search warrant. A dissenting judge warned that the decision “gives the Government a free pass to copy, review, categorize, and even read all of that information in the hope that it will find <i>some</i> evidence of <i>any</i> crime.”</p>
<p>In our amicus brief, written by Michael Price and Malia Brink of the NACDL, we urge the court to reconsider its decision, which we caution leads to a border where government officials – not the Constitution – dictate the legal boundaries of a search. The Fourth Amendment, while relaxed at the border, demands more than just a free pass for the government to search whatever it wants for no reason at all.</p>
<p>While we wait and hope the court reverses its decision, check out our most recent <a href="https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices">guide to protecting electronic devices and data at the U.S. border</a> to learn about the affirmative steps <i>you</i> can take to keep your data safe and private.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/foia-litigation-border-searches">Border Searches </a></div></div></div>Wed, 21 Sep 2011 22:49:40 +0000hanni61526 at https://www.eff.orgAnnouncementTransparencyPrivacyTravel ScreeningLine Noise: Electronic Device Search and Seizurehttps://www.eff.org/fr/deeplinks/2011/08/line-noise-electronic-device-search-and-seizure
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF activist Eva Galperin interviews EFF criminal defense attorney, Hanni Fakhoury, on the newest edition of <a href="https://www.eff.org/linenoise">Line Noise</a>, the EFF podcast. Whether law enforcement wants to search your home computer, tries to browse through your smart phone at a traffic stop, or seeks to thumb through your camera at customs, you should know your rights. </p>
<p>Learn more about your privacy rights by reading our <a href="https://www.eff.org/wp/know-your-rights">Know Your Rights</a> guide, or test your skills with our <a href="https://www.eff.org/pages/know-your-digital-rights-quiz">quiz</a>.</p>
<p>This edition of Line Noise was recorded on-site from the San Francisco studio of <a href="http://www.Bamm.tv">Bamm.tv</a></p>
</div></div></div>Wed, 03 Aug 2011 19:57:32 +0000rainey61460 at https://www.eff.orgPrivacyTravel ScreeningSearch Incident to ArrestCommon Sense and Security: Body Scanners, Accountability, and $2.4 Billion Worth of Security Theaterhttps://www.eff.org/fr/deeplinks/2010/11/common-sense-and-security-body-scanners
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The Transportation Security Administration is feeling <a href="http://www.usatoday.com/travel/news/2010-11-18-1Aairports18_CV_N.htm">public heat</a> these days over its combination of whole-body-image scanners and heavy-handed pat-down searches, and deservedly so. </p>
<p>There’s no question that reform is needed to curtail TSA’s excesses. We especially applaud the Electronic Privacy Information Center’s <a href="http://epic.org/privacy/airtravel/backscatter/">efforts</a> to increase public awareness about the body scanners. But will the heat now being generated produce the kind of light we really need? </p>
<p>Consider, for instance, the all-too-common <a href="http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/11/17/EDFA1GCSMF.DTL">response</a> that we need to<br />
accept the indignity and invasiveness of the body scanners and pat-down searches in order to be safer. That response assumes that body scanners actually make us safer — a dubious assumption that we explore below.</p>
<h3>Do Body Scanners Address the Problem They Were Intended to Address?</h3>
<p>Unlikely.</p>
<p>Body scanners are touted as a solution to the problem of detecting explosive devices that evade traditional metal detectors. The recent hard push for body scanners took off after Christmas 2009, when the so-called "underwear bomber," Umar Farouk Abdulmutallab, attempted to board an airplane while allegedly concealing in his underpants a package containing nearly 3 oz of the chemical powder PETN (pentaerythritol tetranitrate). Within a few days, Sen. Joseph Lieberman <a href="http://www.bloomberg.com/apps/news?pid=newsarchive&amp;sid=a4fzip9qPK44">called</a> for more widespread use of the full-body scanners. </p>
<p>Indeed, TSA Administrator John Pistole <a href="http://commerce.senate.gov/public/index.cfm?p=Hearings&amp;ContentRecord_id=9ad9e372-c415-4758-805a-4b4a295ccb8b&amp;ContentType_id=14f995b9-dfa5-407a-9d35-56cc7152a7ed&amp;Group_id=b06c39af-e033-4cba-9221-de668ca1978a">told</a> Congress last week that body scanners (which TSA calls Advanced Imaging Technology, or AIT) are "the most effective technology for detecting small threat items concealed on passengers, such as explosives used by Abdulmutallab."</p>
<p>Yet there’s no publicly available evidence that body scanners counter the threat from explosive powders. What we do know makes us extremely skeptical.</p>
<ul><li>A <a href="http://epic.org/open_gov/foia/TSA_Procurement_Specs.pdf">TSA document</a>, which EPIC obtained via the Freedom of Information Act, shows that the scanners were intended to detect weapons, traditional explosives (C4, plastique, etc.), and liquids — but not powder (page 10).</li>
<li>The Government Accountability Office (GAO) <a href="http://www.gao.gov/new.items/d10484t.pdf">says</a> that "it remains unclear whether the AIT would have detected the weapon used in the December 2009 incident based on the preliminary information the GAO has received."</li>
<li>Ben Wallace, a member of Parliament who was formerly involved in a project to develop the scanners for airport use, said trials had shown that materials such as powder, liquid or thin plastic — as well as the passenger's clothing — went undetected. According to Wallace, the millimeter waves pass through low-density materials. High-density material such as metal knives, guns and dense plastic such as C4 explosive reflect the millimeter waves and leave an image of the object. He added that X-ray scanners were also <a href="http://www.independent.co.uk/news/uk/home-news/are-planned-airport-scanners-just-a-scam-1856175.html">unlikely to have detected the Christmas Day bomb</a>.</li>
<li>German border police <a href="http://www.monstersandcritics.com/news/europe/news/article_1599386.php/Folds-in-clothes-confuse-full-body-scanners-German-police-find">recently reported</a> folds in clothing were confusing the body scanners used at Hamburg Airport (the L-3 ProVision Automatic Threat Detection system). "NDR radio said the devices, introduced in September, had repeatedly given warnings about innocent passengers, mainly because of folds in clothes. It quoted guards saying the devices were unreliable in scanning through many layers of clothing too."</li>
</ul><h3>The Real Costs of Security Theater</h3>
<p>Even assuming that there were some security value to the body scanners, an obvious question remains: are they worth it? The scanners cost about $170,000 each. The number of scanners <a href="http://www.usatoday.com/travel/news/2010-11-18-1Aairports18_CV_N.htm">jumped</a> from 40 at the start of this year to 373 installed at 68 airports across the USA as of last week. The TSA is scheduled to deploy 500 scanners by December 31, and a total of 1,000 by the end of 2011. The GAO estimates the direct costs over their expected 7-year-life cycle at $2.4 billion. That doesn’t include the costs to passengers, such as missed flights and lost dignity.</p>
<p>A former chief security officer of the Israel Airport Authority who helped design the security at Tel Aviv's Ben Gurion International Airport <a a=""> the scanners are "expensive and useless . . . That's why we haven't put them in our airport."</a></p>
<p>This is especially troubling given that only a year ago, TSA abandoned its vaunted <a href="http://blog.tsa.gov/2009/05/explosive-trace-detection.html">"puffer machines"</a> or explosives trace portals (ETP). TSA estimated the cost of the failed ETP program at approximately $29.6 million, but it’s unclear whether this figure includes more than the cost of the machines (i.e., TSA’s costs of staffing the puffers, or removing them, or the costs to passengers). </p>
<p>We think Professor Jeffrey Rosen got it right when he <a href="http://www.tnr.com/article/politics/nude-awakening">wrote</a>: "the sacrifice these machines require of our privacy is utterly pointless." </p>
<h3>We Should Know the Truth, but We Don’t.</h3>
<p>A huge part of the problem is that we aren’t being told the truth about body scanners. This lack of accountability prevents meaningful public debate. </p>
<p>Without objective information about efficacy, we’re easily drawn into an unnecessary and empty battle of buzzwords masquerading as "values": security and safety versus privacy and freedom. </p>
<p>A <a href="http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_10-75_Mar10.pdf">Department of Homeland Security Office of Inspector General report</a> evaluating TSA screening technologies is a good example of what the government is keeping secret. </p>
<p>The unclassified summary states: "We evaluated Advanced Imaging Technology, Advanced Technology X-ray equipment, and Liquid Container Screening, all used to screen passengers or their carry-on items. We also tested Transportation Security Officer performance in checking passengers’ travel documents. . . We identified vulnerabilities in the screening process at the passenger screening checkpoint at the eight domestic airports where we conducted testing."</p>
<p>Sounds useful. Unfortunately... "The number of tests conducted, the names of the airports tested, and the quantitative and qualitative results of our testing are classified." Sigh.</p>
<p>Meanwhile, TSA <a href="http://www.foxnews.com/us/2010/11/18/tsa-enhanced-imaging-kept-illegal-dangerous-items-plans-year">continues to defend the scanners</a>: "This year alone, the use of advanced imaging technology has led to the detection of over 130 prohibited, illegal or dangerous items." TSA would not disclose exactly what those items were, but it said they included weapons like ceramic knives and various drugs — including a syringe filled with heroin hidden in a passenger’s underwear. </p>
<p>Leaving aside the obvious — that "various drugs" have nothing to do with weapon or bomb detection, and that "prohibited, illegal or dangerous items" (say, a Swiss Army knife) don’t equal a true terrorist threat — the public should be offended by TSA’s selective disclosure of information for PR gain.</p>
<p>Good information isn’t just about accountability — it’s also about not wasting money on useless technology. The GAO <a href="http://www.gao.gov/new.items/d10484t.pdf">routinely criticizes</a> TSA for not doing cost-benefit analysis. "While we recognize that TSA is taking action to address a vulnerability of the passenger checkpoint exposed by the December 25, 2009, attempted attack, we continue to believe that, given TSA’s expanded deployment strategy, conducting a cost-benefit analysis of TSA’s AIT deployment is important." (Whether such cost-benefit analysis will ever include the cost to the traveling public of enduring intrusive security checks, we don’t know.)</p>
<p>This rush to install new technology is a large part of why the "puffer machines" failed. As GAO <a href="http://www.gao.gov/new.items/d10128.pdf">observed</a>: "TSA has relied on technologies in day-to-day airport operations that have not been demonstrated to meet their functional requirements in an operational environment."</p>
<p>TSA’s excuse: "TSA officials told us that they deployed the ETP despite performance problems because officials wanted to quickly respond to emergent threats."</p>
<p>Seems like déjà vu.</p>
<h3>Demanding Better Solutions</h3>
<p>The opposition to body scanners isn’t opposition to safety or security. As one expert noted, many of the people who have little tolerance for the current iteration of airport security also want the government to work aggressively to prevent terrorist attacks. Joseph Schwieterman, a Chicago-based transportation expert, <a href="http://www.cbsnews.com/stories/2010/11/19/national/main7070150.shtml">told The Associated Press</a>. "I think Americans, in their hearts, still feel airport security is just a big show — form over substance. So they're impatient with strategies they feel are just there to placate political demands rather the genuine security threats."</p>
<p>They’re right to be impatient. The current system is exceedingly expensive, has not been proven to be effective and may not even be able to identify "underwear bombers" — the purported reason for all of these invasive scans in the first place. The numbers are in and they don’t add up. </p>
<p>We are sacrificing our dignity and civil liberties for a process that doesn’t work.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/foia/dhs-passenger-data">DHS Passenger Data</a></div></div></div>Wed, 24 Nov 2010 20:31:23 +0000tien61181 at https://www.eff.orgCommentaryTransparencyPrivacyTravel ScreeningEFF's Guide to Protecting Electronic Devices and Data at the U.S. Border https://www.eff.org/fr/deeplinks/2010/11/effs-guide-protecting-devices-data-border
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Amid recent reports that <a href="http://news.cnet.com/8301-27080_3-20012253-245.html">security</a> <a href="http://www.wired.com/threatlevel/2010/11/hacker-border-search">researchers</a> have experienced difficulties at the United States border after traveling abroad, we realized that it's been awhile since we <a href="https://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t">last</a> <a href="https://www.eff.org/deeplinks/2008/05/border-search-answers">discussed</a> how to safeguard electronic devices and digital information during border searches. So just in time for holiday travel and the <a href="http://events.ccc.de/congress/2010/wiki/Welcome">27th Chaos Communication Congress</a> in Berlin, here's EFF's guide for protecting your devices and sensitive data at the United States border.</p>
<h3>The Government Has Broad Legal Authority to Search Laptops, Phones, Cameras, and Other Devices at the U.S. Border.</h3>
<p>The <a href="http://topics.law.cornell.edu/constitution/billofrights#amendmentiv">Fourth Amendment</a> to the United States Constitution prohibits unreasonable government searches and seizures. This generally means that the government has to get a warrant to search a location or item in which you have a reasonable expectation of privacy. Searches at places where people enter or leave the country are considered "reasonable" simply because they happen at the border or its functional equivalent, such as an international airport. </p>
<p>While the Supreme Court has not yet decided the issue, several courts have considered whether the government needs even a reasonable suspicion of criminal activity to search a traveler's laptop at the border, and have regrettably decided that the answer is no. <i>E.g.</i>, <a href="http://scholar.google.com/scholar_case?case=3466693142221283970"><i>United States v. Arnold</i></a>, 533 F.3d 1003, 1008 (9th Cir. 2008); <a href="http://scholar.google.com/scholar_case?case=70312934064490790"><i>United States v. Romm</i></a>, 455 F.3d 990, 997 (9th Cir. 2006); <a href="http://scholar.google.com/scholar_case?case=3610259289266211532"><i>United States v. McAuley</i></a>, 563 F. Supp. 2d 672, 979 (W.D. Tex. 2008).</p>
<p>The unfortunate upshot of these decisions is that a border agent has the legal authority to search your electronic devices at the border, even if he has no reason to think that you've done anything wrong. Several bills have been introduced in Congress over the past few years to protect travelers from these suspicionless border searches, but none of them has passed.</p>
<p>Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) have published their policies on searching electronic devices at the border, and the <a href="http://www.aclu.org/free-speech-technology-and-liberty/abidor-v-napolitano">ACLU</a> is challenging their constitutionality in court. According to CBP's <a href="http://www.cbp.gov/linkhandler/cgov/travel/admissibility/elec_mbsa.ctt/elec_mbsa.pdf">policy</a>, your computer or copies of your data can be kept for a "brief, reasonable" amount of time to be searched on- or off-site, ordinarily not more than five days. ICE's <a href="http://www.dhs.gov/xlibrary/assets/ice_border_search_electronic_devices.pdf">policy</a> says that searches of devices and copies of data will typically be completed within 30 days. Anecdotal reports suggest that travelers' devices are sometimes detained for significantly longer periods of time.</p>
<p>Searches of devices that are conducted at a time and/or place removed from the initial border stop can become extended border searches that require reasonable suspicion of wrongdoing, or even regular searches that require a probable cause warrant. <i>See, e.g.</i>, <a href="http://scholar.google.com/scholar_case?case=10914228591381322528"><i>United States v. Cotterman</i></a>, No. CR 07-1207-TUC-RCC, 2009 U.S. Dist. LEXIS 14300 (D. Az. Feb. 24, 2009) (reasonable suspicion required to search laptop detained for two days and moved 170 miles from the border), <i>appeal docketed</i>, No. 09-10139 (9th Cir. April 7, 2009); <a href="http://epic.org/privacy/USvHanson.pdf"><i>United States v. Hanson</i></a>, No. CR 09-00946 JSW, 2010 U.S. Dist. LEXIS 61204 (N.D. Cal. June 2, 2010) (reasonable suspicion required to search laptop about two weeks after it was detained at the border and sent away for forensic analysis, and probable cause required to search laptop about four months after initial detention at border). </p>
<p>If you've had your devices detained by border agents for an extended period of time, please <a href="mailto:info@eff.org">contact EFF</a>.</p>
<h3>There Are Several (Imperfect) Ways That You Can Make Your Data Less Vulnerable at the Border.</h3>
<p>What can you do to keep the government from arbitrarily rummaging through your sensitive or confidential information during your international travels? There are several ways that you can protect your data at the border, though none is 100% gauranteed to keep the government's hands off your devices or your travels stress-free. Different approaches might be better for different travelers, devices, and data, but all of these precautions will help to keep your information significantly more secure during border crossings:</p>
<ul><li><a href="#carry_little">Carry as little data as possible over the border.</a></li>
<li><a href="#keep_backup">Keep a backup of your data elsewhere.</a></li>
<li><a href="#encrypt_data">Encrypt the data on your device.</a></li>
<li><a href="#store_download">Store the information you need somewhere else, then download it when you reach your destination.</a></li>
<li><a href="#protect_passwords">Protect the data on your devices with passwords.</a></li>
</ul><p><strong id="carry_little">Carry as little data as possible over the border.</strong> Travel with a clean device that contains only the information you need for a particular trip, and then <a href="https://ssd.eff.org/tech/deletion">securely delete</a> those files before returning to the United States. </p>
<p>Remember that merely deleting files from a device doesn't mean that they're unrecoverable. Deleted files can be trivially undeleted, in whole or in part, by forensic software. You must overwrite the file contents to securely delete them.</p>
<p>Consider taking an inexpensive "travel" laptop with you instead of a machine that you use every day. Or if your laptop allows you to remove the hard drive easily — for instance, by sliding it out a side bay — you might use a totally different hard drive for international travel and leaving your regular drive safely at home.</p>
<p><strong id="keep_backup">Keep a backup of your data elsewhere.</strong> Government agents could seize your laptop, phone, or other devices for no reason at all. You should be prepared for the possibility that you could be deprived of access your data for some time, and store copies somewhere else that you can easily access if your devices are detained at the border.</p>
<p><strong id="encrypt_data">Encrypt the data on your device.</strong> <a href="https://ssd.eff.org/tech/disk-encryption">Encrypt</a> your hard drive with a strong crypto protocol. Choose a <a href="https://ssd.eff.org/your-computer/protect/passwords">strong passphrase</a> that can resist <a href="https://secure.wikimedia.org/wikipedia/en/wiki/Brute_force_attack">brute force attacks</a>. Even if border agents seek assistance from other agencies to attempt to decrypt your data — as provided by CBP and ICE's policies — they are unlikely to be able to access your information without either getting your help or investing far more time and effort into reviewing your data than they may want to spend.</p>
<p>What if a border agent asks you to turn over your encryption keys? As a legal matter, border agents can't force you to decrypt your data, divulge passphrases, or answer questions — only a judge can, and only if the <a href="http://topics.law.cornell.edu/constitution/billofrights#amendmentv">Fifth Amendment</a> privilege against self-incrimination does not apply. This privilege protects people from being forced to make statements that could lead the government to prosecute them for a crime. The right does not shield the actual data on a laptop or phone from disclosure. But two federal courts have held that even a judge can't make a person divulge his passphrase to the government when the act of revealing the passphrase would show that he has control over potentially incriminating files. <a href="http://www.steptoe.com/assets/attachments/3273.pdf"><i>In re Boucher</i></a>, No. 2:06-mj-91, 2007 U.S. Dist. LEXIS 87951, at *13 (D. Vt. Nov. 27, 2007), <a href="http://scholar.google.com/scholar_case?case=11260688927307848544"><i>reversed on other grounds</i></a>, 2009 U.S. Dist. LEXIS 13006 (D. Vt. Feb. 29, 2009); <a href="http://mi.findacase.com/research/wfrmDocViewer.aspx/xq/fac.%2FFDCT%2FEMI%2F2010%2F20100330_0000995.EMI.htm/qx"><i>United States v. Kirschner</i></a>, Misc No. 09-MC-50872, 2010 U.S. Dist. LEXIS 30603, at **10-11 (E.D. Mich. March 30, 2010). If you're facing a situation in which the government is trying to force you to reveal encryption keys, <a href="mailto:info@eff.org">let us know</a>.</p>
<p>Be aware that if you fail to provide a passphrase or decrypt information upon request, there are a number of possible consequences. A border agent may seize your device and allow you to continue on your trip. The agent may detain you at the border. Or the agent may just shrug and and let you pass. It's hard to predict what will happen, but you should be prepared for any of these possibilities, and consider how you would deal with each of them. </p>
<p>If you choose to answer government officials' questions, always be honest about the contents of your computers and whether you're carrying other data storage devices over the border. The <a href="http://www.law.cornell.edu/uscode/18/usc_sec_18_00001001----000-.html">consequences of lying to the government</a> could be much more severe than the consequences of declining to answer questions or provide assistance.</p>
<p>Remember to shut down your device completely before going through customs so that the <a href="http://www.eff.org/press/archives/2008/02/21-0">cold boot attack</a> investigated by EFF, Princeton University and other researchers can't be used to retrieve your encryption keys.</p>
<p><strong id="store_download">Store the information you need somewhere else, then download it when you reach your destination.</strong> Store your confidential data on your employer's servers or with a third party. Then take a clean device on your trip, download the information you need when you've reached your destination, and <a href="https://ssd.eff.org/tech/deletion">securely delete</a> the files from your device before you return home.</p>
<p>This approach doesn't offer absolute protection for the data you've stored elsewhere. The FISA Amendments Act of 2008 loosened the requirements for government surveillance of people reasonably believed to be located outside the United States, so international communications can now be monitored without a warrant. Furthermore, law enforcement officers can <a href="http://www.law.cornell.edu/uscode/18/usc_sup_01_18_10_I_20_121.html">access</a> communications stored by third-party providers through the Electronic Communications Privacy Act as long as they have appropriate legal process, which might not be more than a subpoena in certain circumstances. </p>
<p>If your goal is to keep border agents from perusing vacation photos on your camera, storing your files with a third-party service and then deleting them from your device might be fine. (Note, however, that deleted images on a camera, if not actively overwritten, can be easily undeleted, just like other kinds of computer files.) But if you're concerned about government access to confidential business email, <a href="https://ssd.eff.org/wire/protect/encrypt">encrypting your data</a> is a more effective solution. Also use an encrypted VPN, and/or SSH or HTTPS, to send and receive communications and other data while abroad.</p>
<p><strong id="protect_passwords">Protect the data on your devices with passwords.</strong> Many devices such as laptops and phones give you the option to set a password, numeric PIN, pattern or other authentication method to control access to your data. Take advantage of this security feature to give your data a little more protection.</p>
<p>As with encryption keys, border agents can't force you to turn over passwords. However, researchers have <a href="http://www.wired.com/gadgetlab/2009/06/iphonesecurity/">demonstrated</a> <a href="http://www.wired.com/threatlevel/2010/10/iphone-snoop/">flaws</a> that make it easy to get around iPhone passcodes, and Android patterns are often <a href="http://www.zdnet.com/blog/security/researchers-use-smudge-attack-identify-android-passcodes-68-percent-of-the-time/7165?tag=mantle_skin;content">not hard to identify</a>. And, as we discuss below, user-account passwords, if not combined with encryption, can always be bypassed by simply removing the hard drive and putting it in another machine.</p>
<p>You might also consider creating separate password-protected user accounts on your laptop for your personal data and work data. Then you can allow a border agent to examine your own account, while storing client data or trade secrets in a separate account controlled by your employer. Your employer might disclose the password for this account to you only after you reach your destination. </p>
<p>Under certain circumstances, a border agent might be satisfied to take a look at your personal data. But simply storing confidential information in a separate password-protected account will not absolutely shield that data from government scrutiny. Many forensic search tools can access and search unencrypted data in every account on a machine, even if you yourself don't know the passwords to log in to those accounts or don't have administrative privileges on the machine. An agent can use these tools, for instance, by taking the hard drive out of your machine and putting it in their investigative machine. This allows reading the data right off the disk, regardless of the file and account permissions in your operating system. Don't rely on passwords to be your only form of security — encryption is still critically important to protect the information stored on a device.</p>
<p>For more thoughts on protecting data at the border, see Wired's <a href="http://howto.wired.com/wiki/Protect_Your_Data_During_U.S._Border_Searches">wiki</a> on how to protect data during border searches, Declan McCullagh's <a href="http://news.cnet.com/8301-13578_3-9892897-38.html">Security Guide to Customs-Proofing Your Laptop</a>, and Chris Soghoian's <a href="http://news.cnet.com/8301-13739_3-9935170-46.html">Guide to Safe International Data Transport</a>.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/foia-litigation-border-searches">Border Searches </a></div></div></div>Wed, 24 Nov 2010 20:27:29 +0000marcia61178 at https://www.eff.orgTransparencyTravel ScreeningCoders' Rights ProjectHave You Been Subjected to Suspicionless Laptop Search or Seizure at the Border?https://www.eff.org/fr/deeplinks/2010/01/have-you-been-subjected-suspicionless-laptop-searc
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF has long fought for the privacy of your laptop and other digital devices at the border. U.S. Customs and Border Protection has implemented program that authorizes searches of the contents of travelers’ laptop computers and other electronic storage devices at border crossings, notwithstanding the absence of probable cause, reasonable suspicion or any indicia of wrongdoing. </p>
<p>In <a href="http://www.eff.org/cases/us-v-arnold">U.S. v. Arnold</a> we fought for a requirement that customs agents have some reason before searching your computer and in our <a href="http://www.eff.org/cases/foia-litigation-border-searches">FOIA work on border searches</a>, we have pushed the government to reveal its policies and practices in this area. </p>
<p>Now, another civil rights group, the <a href="http://www.criminaljustice.org/">National Association of Criminal Defense Lawyers</a> is seeking potential plaintiffs for a lawsuit challenging suspicionless laptop searches. As a first step in this effort, NACDL is seeking to identify defense lawyers who have had their laptops searched at the border and are willing to serve as individual plaintiffs. In order to demonstrate the effect of this policy on members of the criminal defense bar and to support the constitutional challenge, NACDL plans to assemble a group of individual plaintiffs who will develop affidavits describing the harm they suffer by having their electronic information exposed to government officials. </p>
<p>This lawsuit will not seek monetary damages for individuals who have been searched; instead, it will focus exclusively on fixing the unconstitutional policy. Participating members will be represented at no charge by NACDL and ACLU attorneys. </p>
<p>EFF supports the NACDL and ACLU's joint effort. To determine whether you may qualify as a plaintiff, please consider the following:</p>
<ol><li>
Have you ever had your laptop, cell phone or camera searched when entering or exiting the U.S.?
</li>
<li>
Have you ever had the contents of your laptop, cell phone or camera copied when entering or exiting the U.S.?
</li>
<li>
Have you ever had your laptop, cell phone or camera seized when entering or exiting the U.S.?
</li>
<li>
If you are employed by someone else, does your employer have a policy about traveling internationally with laptops, cell phones or cameras?
</li>
<li>
Do you avoid carrying confidential business or personal information on your laptop, cell phone or camera due to the suspicion-less search policy?
</li>
</ol><p>If you answered ‘yes’ to any of these questions, and might be interested in joining the NACDL suit, please contact Michael Price, NACDL's National Security Coordinator, at (202) 872-8600 x258 or michael@nacdl.org.</p>
</div></div></div>Wed, 13 Jan 2010 20:51:30 +0000jennifer60895 at https://www.eff.orgAnnouncementTravel ScreeningEFF Releases Interim Report on the Automated Targeting Systemhttps://www.eff.org/fr/deeplinks/2009/07/eff-releases-interim
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF today released an <a href="/issues/foia/automated-targeting-system-report">Interim Report</a> on the <a href="http://www.washingtonpost.com/wp-dyn/content/article/2007/09/21/AR2007092102347.html">Automated Targeting System</a> (ATS) through which the Department of Homeland Security monitors and assigns risk assessment scores to Americans and others who cross into or out of the United States. The data reviewed under the ATS system includes seven large government databases, plus the Passenger Name Record data from the airlines (which includes data like whether you've ordered a Muslim or Hindu or Jewish special meal). Effectively, if you travel internationally, ATS creates an instant, personal and detailed dossier on you that CBP officers use to decide whether you get to enter the country, or will be subject to an enhanced (and potentially invasive) search. EFF's report details what we've learned about the ATS program from the over 2,000 pages released by the government so far. We note that because of government's very heavy redacting and refusal to release key information Americans remain in dark about how this powerful system is used on travelers. EFF's Interim report was written by Shana Dines.</p>
<p>DHS has continued to release documents to EFF so we'll update the report as additional useful information comes out. </p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/foia/ats">Automated Targeting System (ATS)</a></div></div></div>Mon, 03 Aug 2009 18:57:36 +0000cindy60748 at https://www.eff.orgAnnouncementTransparencyTravel ScreeningInternal DHS Documents Detail Expansion of Power to Read and Copy Travelers' Papershttps://www.eff.org/fr/press/archives/2008/09/23
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Quiet Changes in Policy Allow For Searches Without Suspicion of Wrongdoing</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco - Recently obtained documents show that last year the Department of Homeland Security quietly reversed a two-decades-old policy that restricted customs agents from reading and copying the personal papers carried by travelers, including U.S. citizens. The documents were made public today by the Asian Law Caucus (ALC) and Electronic Frontier Foundation (EFF), which sued the government under the Freedom of Information Act (FOIA) to obtain policies governing the searches and questioning of travelers at the nation’s borders.</p>
<p>The documents show that in 2007, Customs and Border Protection (CBP) loosened restrictions on the examination of travelers' documents and papers that had existed since 1986. While CBP agents could previously read travelers' documents only if they had "reasonable suspicion" that the documents would reveal violations of agency rules, in 2007 officers were given the power to "review and analyze" papers without any individualized suspicion. Furthermore, whereas CBP agents could previously copy materials only where they had "probable cause" to believe a law had been violated, in 2007 they were empowered to copy travelers' papers without suspicion of wrongdoing and keep them for a "reasonable period of time" to conduct a border search. The new rules applied to physical documents as well as files on laptop computers, cell phones, and other electronic devices.</p>
<p>In July 2008, the Department of Homeland Security made public a new policy on examining travelers' papers and electronic devices that finalized many of the changes first implemented in 2007. The agency did not disclose, however, how much the new policy deviated from rules that had been in place since 1986. The FOIA documents from ALC's and EFF's suit included the original policy, which had been adopted after a group of U.S. citizens challenged the practices of the 1980s as violating First Amendment rights.</p>
<p>"For more than 20 years, the government implicitly recognized that reading and copying the letters, diaries, and personal papers of travelers without reason would chill Americans' rights to free speech and free expression," said Shirin Sinnar, ALC staff attorney. "But now customs officials can probe into the thoughts and lives of ordinary travelers without any suspicion at all."</p>
<p>In February 2008, ALC and EFF sued the Department of Homeland Security for failing to disclose its policies on searching and questioning travelers at U.S. borders. ALC, a San Francisco-based civil rights organization, received more than two dozen complaints since last year from U.S. travelers, mostly of Muslim, South Asian, or Middle Eastern origin, who said they were grilled about their families, religious practices, volunteer activities, political beliefs, or associations when returning to the United States from travels abroad. In addition, these individuals said that CBP agents examined their books, handwritten notes, personal photos, laptop computer files, and cell phone directories, and sometimes made copies of this information. The documents from the FOIA request show that CBP's wide latitude to collect this data attracted significant attention from other law enforcement agencies that sought to access it.</p>
<p>"Your laptop computer likely contains a massive amount of private information such as personal emails, financial data or confidential business records," said EFF Staff Attorney Marcia Hofmann. "The Department of Homeland Security has given its agents increasingly broad authority to search, copy, and store that information. Congress needs to step in now to stop these invasive practices and protect travelers' privacy."</p>
<p>The newly released documents, which total 661 pages, also reveal that:</p>
<p>* In 2004, CBP adopted a directive on responding to "potential terrorists" seeking to enter the United States. The directive, which was revised in 2006, called for intensive questioning and document review of individuals who were flagged as "known or suspected" terrorists.</p>
<p>* CBP appears to have no policy constraining agents from questioning travelers on their religious practices or political views, in spite of the fact that many travelers have complained about being grilled on such First Amendment-protected activities.</p>
<p>* According to the Tucson, Arizona, field office of CBP, a database developed within that office to gather and disseminate intelligence on possible terrorists was to serve as a model for a national database.</p>
<p>ALC and EFF plan to challenge the government's withholding of portions of many of these documents in federal district court this fall.</p>
<p>For the complete set of FOIA documents and more detailed analysis:<br />
http://www.eff.org/cases/foia-litigation-border-searches.</p>
<p>To interview an individual questioned or searched by CBP:<br />
Contact Shirin Sinnar at 415-848-7714 or shirins@asianlawcaucus.org</p>
<p>Contacts:</p>
<p>Marcia Hofmann<br />
Staff Attorney<br />
Electronic Frontier Foundation<br />
marcia@eff.org</p>
<p>Shirin Sinnar<br />
Staff Attorney<br />
Asian Law Caucus<br />
shirins@asianlawcaucus.org</p>
</div></div></div>Tue, 23 Sep 2008 13:20:43 +0000richard62101 at https://www.eff.orgPublic Pressure Mounts Against Invasive Border Searcheshttps://www.eff.org/fr/deeplinks/2008/08/public-pressure-mounts-against-invasive-border-sea
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Random, invasive laptop searches and other digital privacy violations at the U.S. border are facing increasing pressure from the public and Congress. One of the big complaints EFF and others have had is the lack of information and accountability about the intrusive examination of computer files, cell phone directories, and other private information -- and the indiscriminate copying of that data -- as Americans come back home from overseas.</p>
<p>The good news is that the government has finally made public its <a href="http://www.eff.org/files/filenode/travelscreening/CBPPolicyBorderSearch.pdf">policy guidelines</a> for digital searches and data seizures at U.S. borders. The bad news is that it is claiming expansive powers to randomly search your laptop, decrypt and translate any information on the machine, and even seize the device for an "off-site" search. As <a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/08/01/AR2008080103030.html">news</a> <a href="http://blog.wired.com/27bstroke6/2008/08/border-laptop-s.html">coverage</a> of the guidelines have pointed out, there is no limit to how long the government can keep your computer, iPod, camera, or any other digital device, leaving travelers just about helpless to protect their personal property and private information from the whims of a border agent.</p>
<p>EFF has long been involved in the <a href="http://www.eff.org/cases/us-v-arnold">battle</a> against these random and intrusive searches, and has <a href="http://www.eff.org/press/archives/2008/05/01">called</a> on <a href="http://www.eff.org/deeplinks/2008/06/congress-must-investigate-privacy-violations-u-s-b">Congress</a> to crack down on the government's claim of blanket search and seizure power of your electronic devices and the data inside. Congresswoman Zoe Lofgren has decided to take action, introducing a <a href="http://lofgren.house.gov/PRArticle.aspx?NewsID=1935">bill</a> to curb the baseless searches. (<i>Update: Reps. Ron Paul and Eliot Engle have also introduced a <a href="http://www.thomas.gov/cgi-bin/query/z?c110:H.R.6702:">border search bill</a></i>). In the meantime, EFF is working to uncover more information about the border search program with a Freedom of Information Act <a href="http://www.eff.org/press/archives/2008/02/07">suit</a> filed with the <a href="http://www.asianlawcaucus.org">Asian Law Caucus</a>.</p>
<p>The government is working hard as well. The Transportation Security Administration recently <a href="http://www.fcw.com/online/news/153202-1.html?type=pf">announced</a> that its <a href="http://www.eff.org/deeplinks/2007/09/secure-flight-returns-lacking-privacy-protections">Secure Flight</a> program should start operating before the end of the year. Secure Flight will allow the government to collect the passenger records you are obliged to hand over to airlines when you travel, and then connect that personal data with other government databases. But as EFF <a href="http://www.eff.org/files/filenode/travelscreening/092407_secure_flight_comments.pdf">pointed out</a> in comments to the Department of Homeland Security last year, individuals will be prevented from discovering what data is kept on them, lack the ability to correct that data, and lack the right to judicial review to force data to be corrected. Check out our <a href="http://www.eff.org/issues/travel-screening">Travel Screening</a> resources for more.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/foia-litigation-border-searches">Border Searches </a></div></div></div>Fri, 08 Aug 2008 18:50:39 +0000rebecca60431 at https://www.eff.orgTransparencyTravel ScreeningEuropean Lawmaker Sues U.S. Agencies to Obtain Travel-Related and Other Personal Informationhttps://www.eff.org/fr/press/archives/2008/07/01
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Lawsuit Tests U.S. Assurances of Access Rights for EU Citizens</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Washington, D.C. - The Electronic Frontier Foundation (EFF) filed suit on behalf of a member of the European Parliament today, demanding that the U.S. government release records about her "risk assessment" score and other information gathered about her during her international travels. The lawsuit comes just days after the disclosure that the U.S. and the European Union may soon finalize an agreement authorizing the transatlantic exchange of large amounts of personal data.</p>
<p>Sophia In 't Veld represents the Netherlands in the European Parliament and serves on the Committee on Civil Liberties, Justice, and Home Affairs. She has been actively engaged in developing policies concerning the exchange of travelers' data between the U.S. and the European Union (EU).</p>
<p>During the ongoing and contentious debates between the U.S. and the EU over travelers' records and the privacy rights of EU citizens, the U.S. government has repeatedly claimed that any person can obtain her records through a Freedom of Information Act (FOIA) request. To test those assurances, In 't Veld filed FOIA requests with the Homeland Security, Justice, and State Departments, asking for any information about her that is included in the various U.S. programs and systems used to track international travelers. However, the agencies have failed to comply with the requests as required by federal law.</p>
<p>"The question of redress is the sticking point in the current discussions about data exchanges between the United States and the EU," said In 't Veld. "That dispute underscores the importance of this case; it shows that gaining access to personal data held by U.S. agencies is very difficult, if not impossible."</p>
<p>Among other records, In 't Veld specifically requested data about herself that is included in the Automated Targeting System (ATS) -- a Department of Homeland Security project that creates and assigns "risk assessment" scores to travelers as they enter and leave the U.S. Once the assessment is made, there is no way to challenge it, and the government will retain the information for many years -- as well as make it available to federal, state, local, and foreign agencies in addition to contractors, grantees, consultants, and others.</p>
<p>"Ms. In 't Veld's experience shows the inaccuracy of U.S. assurances that EU citizens can gain easy access to personal information held in agency databases," said EFF Senior Counsel David Sobel. "The truth is that it is virtually impossible for any individuals --even U.S. citizens -- to access information about themselves that is collected and maintained by American security agencies. It's important that EU officials and citizens understand the reality of the situation before moving forward with a sweeping agreement on the exchange of sensitive personal data."</p>
<p>This FOIA lawsuit is part of EFF's ongoing work to protect travelers from privacy-invasive programs at the U.S. border. EFF has also filed suit against DHS for denying access to public records on the questioning and searches of travelers at U.S. borders and called on Congress to investigate the random, suspicionless searches of laptops and electronic devices.</p>
<p>For the full complaint:<br />
http://www.eff.org/files/int_veld_complaint.pdf</p>
<p>For more on the U.S./EU data sharing agreement:<br />
http://www.nytimes.com/2008/06/28/washington/28privacy.html</p>
<p>For more on travel screening:<br />
http://www.eff.org/issues/travel-screening</p>
<p>For more on FOIA:<br />
http://www.eff.org/issues/foia </p>
<p>Contacts:</p>
<p>David Sobel<br />
Senior Counsel<br />
Electronic Frontier Foundation<br />
sobel@eff.org</p>
<p>Marcia Hofmann<br />
Staff Attorney<br />
Electronic Frontier Foundation<br />
marcia@eff.org</p>
<p>Rebecca Jeschke<br />
Media Coordinator<br />
Electronic Frontier Foundation<br />
press@eff.org</p>
</div></div></div>Tue, 01 Jul 2008 17:16:18 +0000rebecca62088 at https://www.eff.orgCongress Must Investigate Privacy Violations at U.S. Bordershttps://www.eff.org/fr/deeplinks/2008/06/congress-must-investigate-privacy-violations-u-s-b
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>This morning, EFF Senior Staff Attorney Lee Tien testified in a Senate hearing on laptop searches and other privacy violations faced by Americans at the U.S. border. Lee's <a href="http://www.eff.org/files/filenode/travelscreening/tien%20testimony.pdf">testimony [PDF]</a> outlined the dangers of random and invasive searches of travelers' digital devices, and urged more congressional investigation and oversight.</p>
<p>Today's hearing comes as Americans are increasingly complaining about how the Department of Homeland Security searches laptops, cell phones, and other digital devices as they come home from overseas travel. Agents often confiscate the devices, copy the contents, and sometimes even provide a copy of the data to the Department of Justice -- even when the traveler is not suspected of criminal activity.</p>
<p>EFF is deeply concerned about this blanket search and seizure power. We've participated as amicus in <a href="http://www.eff.org/cases/us-v-arnold">US v. Arnold</a>, an important case concerning suspicionless searches at the border. We've also teamed up with other privacy and professional associations to <a href="//www.eff.org/press/archives/2008/05/01">ask lawmakers</a> for answers, and we've <a href="http://www.eff.org/cases/foia-litigation-border-searches">sued</a> DHS for refusing to make their policies public. </p>
<p>If you are concerned about your privacy at the border, you can read up on our <a href="//www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t">tips</a> to protect yourself. But without better polices at the border, there are no guarantees. The unique nature of electronic information stored on computers and other portable devices requires search standards that protect the privacy of Americans in the Information Age, and we hope that Congress soon starts work on this important issue.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/us-v-arnold">US v. Arnold</a></div><div class="field__item odd"><a href="/fr/cases/foia-litigation-border-searches">Border Searches </a></div></div></div>Wed, 25 Jun 2008 23:08:04 +0000rebecca60376 at https://www.eff.orgTransparencyTravel ScreeningEFF to Testify at Congressional Hearing on Electronic Searches at U.S. Bordershttps://www.eff.org/fr/press/archives/2008/06/23
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Wednesday Hearing on Laptop Searches and Other Privacy Violations</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Washington, D.C. - On Wednesday, June 25, at 9 a.m., members of the U.S. Senate Judiciary hearing will hold a public hearing on laptop searches and other privacy violations faced by Americans at the U.S. border.</p>
<p>Senior Staff Attorney Lee Tien of the Electronic Frontier Foundation will appear at Wednesday's hearing to urge more congressional investigation and oversight of the Department of Homeland Security's border search practices and policies. While the U.S. Supreme Court has ruled that customs and border agents can perform "routine" searches at the border without a warrant or even reasonable suspicion, increasingly Americans are complaining about random and invasive searches of their laptops, cell phones, and other digital devices as they come home from overseas travel. In a typical search, U.S. border officials will turn on the device and then open and review files. If agents see something of interest, they may copy data or confiscate the device -- even if the traveler is not suspected of criminal activity.</p>
<p>"These ongoing baseless searches of electronic devices at America's borders are not 'routine,' they're unreasonable," said Tien. "It's hard to imagine something more invasive than a wholesale copying of private files from a personal computer. We need Congress and the courts to recognize a standard for digital searches and seizures at the border that protects the privacy, property, and free speech rights of Americans in the Information Age."</p>
<p>WHO:<br />
Lee Tien<br />
Senior Staff Attorney Electronic Frontier Foundation</p>
<p>WHAT:<br />
"Laptop Searches and Other Violations of Privacy Faced by Americans Returning from Overseas Travel"<br />
U.S. Senate Judiciary Subcommittee on the Constitution</p>
<p>WHEN:<br />
9 a.m.<br />
Wednesday, June 25</p>
<p>WHERE:<br />
Dirksen Senate Office Building<br />
Room 226<br />
Washington, D.C.</p>
<p>For more on the hearing:<br />
http://judiciary.senate.gov/hearing.cfm?id=3420</p>
<p>Contacts:</p>
<p>Rebecca Jeschke<br />
Media Coordinator<br />
Electronic Frontier Foundation<br />
press@eff.org</p>
<p>Lee Tien<br />
Senior Staff Attorney<br />
Electronic Frontier Foundation<br />
tien@eff.org</p>
</div></div></div>Mon, 23 Jun 2008 21:05:56 +0000rebecca62087 at https://www.eff.orgJudges Urged to Curtail Random Searches of Travelers' Laptopshttps://www.eff.org/fr/press/archives/2008/06/12
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">EFF Asks for Review of Flawed Appeals Court Ruling</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco - The Electronic Frontier Foundation (EFF) and the Association of Corporate Travel Executives (ACTE) urged an appeals court today to review a flawed decision allowing random and invasive searches of travelers' computers at the U.S. border.</p>
<p>The news media has reported extensively on these searches as well as the surprise and anger felt by American travelers when they are singled out for inspection. In a typical search, U.S. border officials will turn on the computer and then open and review files. If agents see something of interest, they may confiscate the computer, copy its contents, and sometimes provide a copy to the Department of Justice -- even when the traveler is not suspected of criminal activity. In some cases, travelers have never gotten their computers back from the government.</p>
<p>In an amicus brief filed today, EFF and ACTE asked the full 9th U.S. Circuit Court of Appeals to rehear and reverse an appeals panel decision in United States v. Arnold, which upheld this blanket search and seizure power. While the U.S. Supreme Court has ruled that customs and border agents can perform "routine" searches at the border without a warrant or even reasonable suspicion, these ongoing baseless searches of electronic devices at America's borders are unconstitutionally invasive.</p>
<p>"Searching a laptop is very different from searching a briefcase. Your computer contains a vast amount of information about your private life, including details about your family, your finances, and your health," said EFF Senior Staff Attorney Lee Tien. "All that information can be easily copied, transferred, and stored in government databases, just because you were chosen for a random inspection."</p>
<p>These suspicionless laptop searches and data seizures violate the Fourth Amendment's prohibition against unreasonable search and seizure. The unique nature of electronic information stored on computers and other portable devices requires the courts to recognize a standard that protects the privacy of Americans in the Information Age.</p>
<p>"The implications of unfettered data collection are staggering," said ACTE Executive Director Susan Gurley. "Border authorities may now systematically collect all information on every laptop computer, BlackBerry, or other device carried across our border. The government can then store and search all that data without any justification or oversight by any court. This simply does not square with the Fourth Amendment."</p>
<p>The EFF-ACTE amicus brief was prepared by Arent Fox LLP.</p>
<p>For the full amicus brief:<br />
http://www.eff.org/files/filenode/US_v_arnold/amicusjune08.pdf</p>
<p>For more on US v. Arnold:<br />
http://www.eff.org/cases/us-v-arnold</p>
<p>Contacts:</p>
<p>Lee Tien<br />
Senior Staff Attorney<br />
Electronic Frontier Foundation<br />
tien@eff.org</p>
<p>Susan Gurley<br />
Executive Director<br />
Association of Corporate Travel Executives<br />
susan@acte.org</p>
</div></div></div>Thu, 12 Jun 2008 18:11:47 +0000rebecca62080 at https://www.eff.orgEFF Answers Your Questions About Border Searcheshttps://www.eff.org/fr/deeplinks/2008/05/border-search-answers
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Readers of my deeplink on <a href="http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t">safeguarding your laptop and digital devices from warrantless searches at the border</a> responded with both questions and answers. Some readers wondered whether you have an obligation not to destroy information on your laptop. Others pointed out that U.S. citizens may be detained, but not turned away, at the U.S. border. Many technologists wrote to offer cryptographic solutions, or warnings about encryption schemes that are not as secure as they should be. In this post, I answer the question about destruction of information and reproduce or summarize, with permission, others' suggestions about protecting your laptop from arbitrary searches. I haven't done any independent analysis of these techniques or tools, so your mileage may vary.</p>
<ul><li><b>Duty to delete?</b> A complete discussion of the federal law of destruction of evidence, and of state law on the topic, is beyond the scope of this post (see here for a <a href="http://books.google.com/books?id=SJbzNaHY43QC&amp;pg=PR3&amp;source=gbs_selected_pages&amp;cad=0_1&amp;sig=JeVCkgDUU2d4pzbPpSpyG2MtFmQ">textbook on the subject</a>). However, individuals who are not anticipating being sued and who do not know they are under criminal investigation generally have no obligation to preserve information on their laptops. If you have notice of an impending civil suit or government investigation, then you are obligated to preserve relevant material. Failure to preserve evidence for a civil suit can result in any of the potential sanctions for discovery violations, including fines and adverse jury instructions. Under federal criminal law, knowing destruction of evidence relevant to a pending judicial proceeding or administrative investigation can be punished with up to twenty years in prison. Further, destroying evidence in furtherance of an illegal scheme may also be aiding and abetting, or conspiracy.
<p>In sum, international travelers trying only to protect privileged information, trade secrets or private communications or photos, have no obligation under federal law to preserve these documents on a laptop so that they may be reviewed by border guards.</p></li>
<li><b>Secure passwords:</b> As for techniques to protect yourself and your privacy, security expert Bruce Schneier offers <a href="http://www.schneier.com/essay-148.html">a guide to securing passwords</a> against an offline password-guessing attack.</li>
<li><b>Whit Diffie's advice to Mac users:</b> Don't allow passphrases for encrypted disk files to be saved on your keychain.
<p>Crypto pioneer Whitfield Diffie observes that while the Mac Disk Utility encryption offers perfectly fine AES128 encryption, you must opt out to avoid having the key you give stored on you keychain, i.e., encrypted in your login password. Since login passwords are rarely more than a few characters long the effect is render your encrypted file vulnerable to a forensic study of the disk. Once a key has been written on the disk, you have to scrub the whole disk very carefully before you can be sure it is gone.
</p></li>
<li><b>Gone but not forgotten:</b> EFF co-founder John Gilmore warns that merely deleting files will not remove them from your hard drive. You must overwrite the file contents. Macs have a "Secure Erase Trash" and Linux machines have "shred -u", that also overwrites the file contents and the file names before removal. A variety of <a href="http://www.thefreecountry.com/security/securedelete.shtml">Windows secure wipe utilities</a> are available online.
<p>John adds that secure erasure doesn't work on flash drives (which have an extra layer of data allocation software to do "wear leveling" so that lots of writing to particular parts of the chip don't wear out that part prematurely). There are technical ways to physically erase some parts of some flash drives, but I don't know any file systems that can actually do it.
</p></li>
<li><b>Power off before the border:</b> Shut your machine down totally before taking it through customs, ideally many minutes in advance so that the <a href="http://www.eff.org/press/archives/2008/02/21-0">RAM storage insecurity</a> discovered by EFF, Princeton University and other researchers cannot be used to get your disk encryption keys.
</li>
<li><b>Eight steps to secure data:</b> Chris Soghoian, a graduate student at the School of Informatics at Indiana University, offers his "<a href="http://www.cnet.com/8301-13739_1-9935170-46.html">Guide to Safe International Data Transport</a>." (Disclosure: I represented Chris pro-bono in connection with his boarding pass generator in 2006 and 2007.)</li>
<li><b>Truecrypt:</b> Finally, many people wrote in about <a href="http://www.truecrypt.org">Truecrypt</a> and its provision of "plausable deniability." A user can have an encrypted partition (which can be hidden as any file on your hard drive) and within that partition hide another partition. One password will reveal one partition and another separate password will reveal the other. Because of the way Truecrypt encrypts the partition table itself, an observer cannot detect a hidden partition even if she has access to the "regular" encrypted share. This gives a traveler something to decrypt if a Customs official asks, while keeping the rest of your information secure. Remember, however, that lying to a federal law enforcement officer about material facts is a crime, so if you choose to answer a question about whether there are additional encrypted partitions, you are obligated to answer truthfully. </li>
</ul><p>I hope these pragmatic tips help people keep their data secure from arbitrary searches at the border.</p>
<p>For more information on digital border searches, view our <a href="http://www.eff.org/press/archives/2008/05/01">open letter to Congress</a> or visit <a href="http://www.eff.org/action/bordersearch">EFF's Action Center</a>.</p>
</div></div></div>Wed, 07 May 2008 21:07:44 +0000jennifer60309 at https://www.eff.orgTravel ScreeningProtecting Yourself From Suspicionless Searches While Travelinghttps://www.eff.org/fr/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The Ninth Circuit's <a href="http://www.ca9.uscourts.gov/ca9/newopinions.nsf/6D5D931898D8168188257432005AC9B8/$file/0650581.pdf?openelement">recent ruling</a> (pdf) in <a href="http://www.eff.org/cases/us-v-arnold"><em>United States v. Arnold</em></a> allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. EFF and many civil liberties, travelers’ rights, immigration advocacy and professional organizations are concerned that unfettered laptop searches endanger trade secrets, attorney-client communications, and other private information. These groups have signed a <a href="http://www.eff.org/press/archives/2008/05/01/border-search-open-letter">letter</a> asking Congress to hold hearings to find out what protocol, if any, Customs and Border Protection (CBP) follows in searching digital devices and copying, storing and using travelers’ data. The letter also asks Congress to pass legislation protecting travelers’ laptops and smart phones from unlimited government scrutiny.</p>
<p>If privacy at the border is important to you, <a href="http://www.eff.org/action/bordersearch">contact Congress now and ask them to take action</a>!</p>
<p>In the meantime, how can international travelers protect themselves at the U.S. border, short of leaving their laptops and iPhones at home? </p>
<p>Many travelers practice security through obscurity. They simply hope that no border agent will rummage through their private data. Too many people enter the country each day for agents to thoroughly search every device that crosses the border, and there is too much information stored on most devices for agents to find the most revealing and confidential tidbits. But for travelers who may be targeted based on their celebrity, race or other distinguishing factor, obscurity is not an option. As last week's <a href="http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html">news</a> that Microsoft is giving away forensic tools that can quickly search an entire hard drive on a USB “thumb drive” shows, it won't be long before customs agents can efficiently perform a thorough search on every machine. So long as there are no protocols or oversight for these searches, every traveler's personal information is at risk. </p>
<p>Encryption is one (imperfect) answer. </p>
<p>If you encrypt your hard drive with strong crypto, it will be prohibitively expensive for CBP to access your confidential information. This answer is imperfect for two reasons—one is practical, the other is technological. </p>
<p>
Practically, the government has not disclosed CBP's laptop search practices, despite our Freedom of Information Act <a href="http://www.eff.org/cases/foia-litigation-border-searches">lawsuit</a> for these documents. We don't know what a border patrol agent will do when confronted with an encrypted machine. One possibility is that the agent will simply give up and let the traveler pass with her belongings. Other possibilities are that the agent will turn the traveler and her machine away at the border, or that he will seize the laptop and allow the traveler to continue on. I suspect that on most occasions, CBP agents confronted with encrypted or password-protected data tell the owner to enter the password or get turned away, and the owner, eager to continue her voyage or to return home, simply complies. </p>
<p>If you don't want to comply, CBP cannot force you to decrypt your data or give over your password. Only a judge can force you to answer questions, and then only if the Fifth Amendment does not apply. While no Fifth Amendment right protects the data on your laptop or phone, one federal court has held that even a judge cannot force you to divulge your password when the act of revealing the password shows that you are the person with access to or control over potentially incriminating files. See <a href="http://www.eff.org/files/Boucher.pdf"> In re Boucher</a>, 2007 WL 4246473 (D. Vt. November 29, 2007). </p>
<p>If, however, you don't respond to CBP’s demands, the agency does have the authority to search, detain, and even prohibit you from entering the county. CBP has more authority to turn non-citizens away than it does to exclude U.S. persons from entering the country, but we don't know how the agents are allowed to use this authority to execute searches or get access to password protected information. CBP also has the authority to seize your property at the border. Agents cannot seize anything they like (for example, your wedding ring), but we do not know what standards agents are told to follow to determine whether they can and should take your laptop but let you by. </p>
<p>Technologically, encryption is imperfect because even strong crypto can be cracked when someone obtains the keys. Border agents can demand the keys from travelers unwilling to face seizure or detention. Agents may also be able to extract and use keys that are stored on the machine itself. Generally, if you keep your keys with the laptop, in your head or on your disk, then the encryption is easier to socially engineer or break than if you keep the keys elsewhere. (Discussion of what encryption techniques to use or avoid is beyond the scope of this post.) </p>
<p>Encryption aside, there may be other ways you can show CBP that your laptop is indeed a normal computer and that you mean no harm while keeping confidential information from prying eyes. Most operating systems let users to create multiple accounts on a single machine. A traveler could allow CBP to examine his own account, while storing client data or trade secrets in a separate account “owned” by his law firm or corporation. Under typical border search circumstances, this might satisfy CBP concerns. However, simply storing information in a different account—even one protected by a password—is not the same as encrypting it. If CBP is interested, the most commonly used forensic search tools can access and search non-encrypted data in every account on the machine. </p>
<p>Law firms, corporations and other entities that routinely deal with confidential information are handing their business travelers forensically clean laptops loaded with only what the traveler needs for that particular business trip. Leaving unnecessary data, like five years of email, behind may be the best thing. Of course, if trade secrets or client information are the reason for the trip, this plan will not help. </p>
<p>Another option is to bring a clean laptop and get the information you need over the internet once you arrive at your destination, send your work product back, and then delete the data before returning to the United States. Historically, the Foreign Intelligence Surveillance Act (FISA) generally prohibited warrantless interception of this information exchange. However, the Protect America Act amended FISA so that surveillance of people reasonably believed to be located outside the United States no longer requires a warrant. Your email or telnet session can now be intercepted without a warrant. If all you are concerned about is keeping border agents from rummaging through your revealing vacation photos, you may not care. If you are dealing with trade secrets or confidential client data, an encrypted VPN is a better solution. </p>
<p>Finally, however useful these techniques might be to protect laptops, travelers do not have this array of options for protecting data stored on less configurable smart phones. Of course, many phones do have a lock or password protection option, which travelers might consider enabling before heading to the airport. </p>
<p>In sum, while you must submit yourself and your electronic devices to warrantless and suspicionless searches at the border, you are not legally obligated to decrypt information or reveal passwords. However, if you fail to do so, the border agents may detain or search you, or even seize the device. There are no options that provide perfect privacy protection, but there are some options that reduce the likelihood that a legitimate international traveler's confidential information will be subjected to arbitrary and capricious examination. </p>
<p>Example Security Precaution</p>
<p>Attorney Alice needs to have confidential attorney-client privileged information overseas. Before departure, she removes unnecessary information, encrypts her hard drive with strong crypto and sets up a login for a protected account and a travel account on her computer. To access the confidential data, one would need to first login to the protected account, and then open the encrypted files. Only Alice’s employer (The Law Offices of Bob) knows the passwords to the account and encrypted data, and keeps them secret until Alice arrives at her destination. Bob then sends the passwords to Alice in an encrypted email message. </p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/us-v-arnold">US v. Arnold</a></div></div></div>Thu, 01 May 2008 18:03:54 +0000jennifer60303 at https://www.eff.orgPrivacyTravel ScreeningCongress Must Investigate Electronic Searches at U.S. Bordershttps://www.eff.org/fr/press/archives/2008/05/01
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even">Broad Coalition Urges Hearings on Intrusive Search and Seizure of Electronic Devices</div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>San Francisco - The Electronic Frontier Foundation (EFF) and a broad coalition, including civil rights groups, professional associations and technologists, called on Congress today to hold oversight hearings on the Department of Homeland Security's search and seizure of electronic devices at American borders.</p>
<p>The press has widely reported disturbing stories about U.S. citizens subject to intrusive searches of their laptops and cell phones. But a recent court decision found that customs officials can search travelers' computers at the border without suspicion or cause. In a letter sent to the House and Senate Homeland Security and Judiciary committees today, the coalition urges lawmakers to consider passing legislation to prevent abusive search practices by border agents and to protect all Americans from suspicionless digital border inspections.</p>
<p>"Our computers, cell phones, and other electronic devices hold a vast amount of personal information like financial data, health histories, and personal emails and letters," said EFF Staff Attorney Marcia Hofmann. "In a free country, the government cannot have unlimited power to read, seize, and store this information without any oversight."</p>
<p>So far, the Department of Homeland Security has refused to release its policies and procedures for conducting these intrusive searches. EFF and the Asian Law Caucus have filed suit against the Department of Homeland Security to obtain the information through the Freedom of Information Act.</p>
<p>"Your privacy could be at risk even if you don't travel yourself. Your financial institution, your insurer, and other enterprises hold extensive personal data about you and your family," said EFF Senior Staff Attorney Lee Tien. "If agents of those groups travel internationally, your information could be exposed to officials at the border or potentially copied and stored in government databases. Americans should know how and why electronic data is seized and kept by the government, and who is able to access it at the border and in the years afterwards."</p>
<p>In addition to EFF, the coalition signing today's letter includes more than 40 organizations and individuals, including the Association for Corporate Travel Executives, the American Civil Liberties Union, the National Association of Criminal Defense Lawyers, the Rutherford Institute, and prominent technologists such as Bruce Schneier and Whitfield Diffie.</p>
<p>For the full letter to Congress:<br />
http://www.eff.org/press/archives/2008/05/01/border-search-open-letter</p>
<p>For more on EFF's suit on border searches:<br />
http://www.eff.org/cases/foia-litigation-border-searches</p>
<p>Contacts:</p>
<p>Marcia Hofmann<br />
Staff Attorney<br />
Electronic Frontier Foundation<br />
marcia@eff.org</p>
<p>Lee Tien<br />
Senior Staff Attorney<br />
Electronic Frontier Foundation<br />
tien@eff.org</p>
</div></div></div>Thu, 01 May 2008 14:17:14 +0000rebecca62074 at https://www.eff.orgNo Cause Needed to Search Laptops at the Borderhttps://www.eff.org/fr/deeplinks/2008/04/no-cause-needed-search-laptops-border
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>On April 21st, the Ninth Circuit held in <a href="http://www.ca9.uscourts.gov/ca9/newopinions.nsf/6D5D931898D8168188257432005AC9B8/$file/0650581.pdf?openelement">United States v. Arnold</a> that the Fourth Amendment does not require government agents to have reasonable suspicion before searching laptops or other digital devices at the border, including international airports. Customs and Border Patrol are likely to use the opinion to argue that almost every property search at the border is constitutionally acceptable.</p>
<p>EFF filed <a href="http://www.eff.org/files/filenode/US_v_arnold/arnold_amicus.pdf">an amicus brief in the case</a>, arguing that laptop searches are so revealing and invasive that the Fourth Amendment requires agents to have some reasonable suspicion to justify the intrusion. Not only are laptops capable of storing vast amounts of information, the information tends to be of the most personal sort, including letters, finances, diaries, photos, and web surfing histories. Prior border search cases distinguished between "routine" suspicionless searches and invasive "non-routine" searches that require reasonable suspicion. Our amicus brief and the lower court opinion relied on these cases to say that the government must also have some cause to search laptops. The Ninth Circuit panel rejected our argument that the privacy invasion resulting from searching computers is qualitatively different from, and requires higher suspicion than, searching luggage or other physical items.</p>
<p>The opinion is almost certainly wrong to classify laptop searches as no different from other property searches. Fourth Amendment law constrains police from conducting arbitrary searches, implements respect for social privacy norms, and seeks to maintain traditional privacy rights in the face of technological changes. This <i>Arnold</i> opinion fails to protect travelers in these traditional Fourth Amendment ways.</p>
<p>The defendant has time to petition the Ninth Circuit to rehear the case en banc, and the Court might agree to do so. The panel included a District Court judge sitting by designation. Additionally, the opinion sets up <i>Arnold's</i> reliance on cases protecting highly private areas like the home from suspicionless searches as a straw man and then knocks the argument down by pointing out "the simple fact that one cannot live in a laptop". This strained and strange argument suggests that <i>Arnold</i> is not the last word on border searches of laptops. In the meantime, travelers carrying their corporation's trade secrets, personal emails, or health and financial information are at risk of arbitrary and capricious fishing expeditions at the border.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/fr/cases/us-v-arnold">US v. Arnold</a></div></div></div>Wed, 23 Apr 2008 23:05:34 +0000jennifer60298 at https://www.eff.orgTravel ScreeningCivil Liberties Groups Sue Homeland Security for Records on Intrusive Questioning and Searches of U.S. Travelershttps://www.eff.org/fr/press/archives/2008/02/07
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even"></div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Information Sought in Response to Growing Complaints of Harassment at U.S. Borders</p>
<p>San Francisco - The Asian Law Caucus (ALC) and Electronic Frontier Foundation (EFF) filed suit today against the U.S. Department of Homeland Security (DHS) for denying access to public records on the questioning and searches of travelers at U.S. borders. Filed under the Freedom of Information Act, the suit responds to growing complaints by U.S. citizens and immigrants of excessive or repeated screenings by U.S. Customs and Border Protection agents.</p>
<p>ALC, a San Francisco-based civil rights organization, received more than 20 complaints from Northern California residents last year who said they were grilled about their families, religious practices, volunteer activities, political beliefs, or associations when returning to the United States from travels abroad. In addition, customs agents examined travelers' books, business cards collected from friends and colleagues, handwritten notes, personal photos, laptop computer files, and cell phone directories, and sometimes made copies of this information. When individuals complained, they were told, "This is the border, and you have no rights."</p>
<p>"When the government searches your books, peers into your computer, and demands to know your political views, it sends the message that free expression and privacy disappear at our nation's doorstep," said Shirin Sinnar, staff attorney at ALC. "The fact that so many people face these searches and questioning every time they return to the United States, not knowing why and unable to clear their names, violates basic notions of fairness and due process."</p>
<p>ALC and EFF asked DHS to disclose its policies on questioning travelers on First Amendment-protected activities, photocopying individuals' personal papers, and searching laptop computers and other electronic devices. The agency failed to meet the 20-day time limit that Congress has set for responding to public information requests, prompting the lawsuit.</p>
<p>"The public has the right to know what the government's standards are for border searches," said EFF Staff Attorney Marcia Hofmann. "Laptops, phones, and other gadgets include vast amounts of personal information. When will agents read your email? When do they copy data, where is it stored, and for how long? How will this information follow you throughout your life? The secrecy surrounding border search policies means that DHS has no accountability to America's travelers."</p>
<p>When Nabila Mango, an American citizen and San Francisco therapist, returned from a trip to the Middle East in December, customs agents at San Francisco International Airport asked her to name every person she had met and every place she had slept during her travels. They also searched her Arabic music books, business cards, and cell phone, and may have photocopied some of her papers.</p>
<p>"In my 40 years in this country, I have never felt as vulnerable as I did during that interrogation," Mango said. "I want to find out whether my government is keeping files on me and other Americans based on our associations and ideas."</p>
<p>Amir Khan, an IT consultant from Fremont, California and a U.S. citizen, is stopped each time he returns to the country. Customs officials have questioned him for a total of more than 20 hours and have searched his laptop computer, books, personal notebooks, and cell phone. Despite filing several complaints, Khan has yet to receive an explanation of why he is repeatedly singled out.</p>
<p>"One customs officer even told me that no matter what I do, nothing would improve," said Khan. "Why do I have to part with my civil liberties each time I return home?"</p>
<p>For a copy of the complaint:<br />
http://www.eff.org/files/filenode/alc/alc-complaint.pdf</p>
<p>Contacts:</p>
<p>Marcia Hofmann<br />
Staff Attorney<br />
Electronic Frontier Foundation<br />
marcia@eff.org</p>
<p>Shirin Sinnar<br />
Staff Attorney<br />
Asian Law Caucus<br />
shirins@asianlawcaucus.org</p>
</div></div></div>Thu, 07 Feb 2008 19:10:25 +0000rebecca61998 at https://www.eff.org Privacy Office Slams Secure Flight Testing, But Doesn't Call It Illegalhttps://www.eff.org/fr/deeplinks/2006/12/privacy-office-slams-secure-flight-testing-doesnt-call-it-illegal
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>According to a <a href="http://www.dhs.gov/xlibrary/assets/privacy/privacy-secure-flight-122006.pdf">report</a> released today by the Department of Homeland Security Privacy Office, the Transportation Security Administration publicly misrepresented how it handled commercial data while testing the controversial Secure Flight program. "As ultimately implemented, the commercial data test conducted in connection with the Secure Flight program testing did not match TSA's public announcements," the Privacy Office said.</p>
<p>The <a href="http://www.justice.gov/oip/privstat.htm">Privacy Act of 1974</a> requires an agency to give public notice when it establishes or changes a system of records. The Privacy Office stopped short of explicitly saying that TSA violated the law during the testing, though did note, "However well-meaning, material changes in a federal program's design that have an impact on the collection, use, and maintenance of personally identifiable information of American citizens are required to be announced in Privacy Act system notices and privacy impact assessments."</p>
<p>When TSA announced plans in September 2004 to launch the Secure Flight program, it published a <a href="">system of records notice</a> and <a href="http://a257.g.akamaitech.net/7/257/2422/06jun20041800/edocket.access.gpo.gov/2004/04-21477.htm">privacy impact assessment</a> in the Federal Register. These documents explained that the program would compare personal information in passenger name records against the Terrorist Screening Center's consolidated watch list. Furthermore, TSA would test whether commercial data could be used to verify the accuracy of passenger information, though not inappropriately single out certain categories of people. TSA assured the public that it would not actually access or keep the commercial data, and that testing would be "governed by strict privacy and data security protections."</p>
<p>Two months later, TSA published a <a href="http://a257.g.akamaitech.net/7/257/2422/06jun20041800/edocket.access.gpo.gov/2004/04-25396.htm">"final" order</a> in the Federal Register, which addressed more than 500 public comments made in response to the earlier descriptions of the Secure Flight proposal. This notice brushed off the public's calls for better privacy protections, explaining that TSA would instead develop the program transparently "to prevent so-called 'mission creep.'" The order also repeated TSA's guarantee that it would not have access to commercial data.</p>
<p>In June 2005, however, the Government Accountability Office learned that TSA had not performed the commercial data test as described in the Federal Register notices. When confronted with the GAO's <a href="http://www.gao.gov/new.items/d05864r.pdf">findings</a>, TSA backpedaled and published a <a href="http://a257.g.akamaitech.net/7/257/2422/06jun20041800/edocket.access.gpo.gov/2004/04-21477.htm">notice</a> to "supplement and amend" its earlier public statements.</p>
<p>Now, more than a year and a half after learning that TSA may have violated the law, the Privacy Office says it's unimpressed that TSA told the public one thing, did something else, and then tried to "supplement and amend" its representations after the fact. Unfortunately, it looks like this may be a pattern for DHS. Last month, we learned that the Automated Targeting System assigns risk scores to travelers entering and leaving the country, and that it has been doing so for years without our knowledge. (Read EFF's formal comments on the system <a href="http://www.eff.org/Privacy/ats/ats_comments.pdf">here</a>.) Let's hope it doesn't take the Privacy Office a year and a half to decide whether this violates the Privacy Act.</p>
</div></div></div>Fri, 22 Dec 2006 14:11:36 +0000marcia59731 at https://www.eff.orgPrivacyTravel ScreeningLawsuit Demands Answers About Government's Secret 'Risk Assessment' Scoreshttps://www.eff.org/fr/press/archives/2006/12/19
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even"></div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Millions of U.S. Travelers Affected by Giant Data-Mining Program</p>
<p>Washington, D.C. - The FLAG Project at the Electronic Frontier Foundation (EFF) filed suit against the Department of Homeland Security (DHS) in federal court today, demanding immediate answers about an invasive and unprecedented data-mining system deployed on American travelers.</p>
<p>The Automated Targeting System (ATS) creates and assigns "risk assessments" to tens of millions of citizens as they enter and leave the country. In November, DHS announced that the program would launch on December 4, but Homeland Security Secretary Michael Chertoff later admitted that the program had already been in operation for several years.</p>
<p>"The news of this secret program sparked a nationwide uproar. DHS needs to provide answers, and provide them quickly, to the millions of law-abiding citizens who are worried about this 'risk assessment' score that will follow them throughout their lives," said EFF Senior Counsel David Sobel.</p>
<p>Under ATS, individuals have no way to access information about their "risk assessment" scores or to correct any false information about them. But while you cannot see your score, it will be made readily available to untold numbers of federal, state, local, and foreign agencies. The government will retain the data for 40 years.</p>
<p>While the publicly available information about ATS is disturbing enough, there are many critical details the government did not disclose. For example, DHS has not announced what the consequences might be of a "risk assessment" score that indicates an individual might be a threat. EFF's suit demands an urgent and expedited response to the Freedom of Information Act (FOIA) request filed earlier this month, including all Privacy Impact Assessments for the ATS, all records that describe redress for individuals who believe the system includes inaccurate information, and all records that discuss potential consequences for travelers as a result of the system.</p>
<p>"ATS is precisely the sort of system that Congress sought to prohibit with the Privacy Act of 1974," said Sobel. "DHS needs to abide by the law and give Americans the information they deserve about this dangerous program."</p>
<p>Congressional leaders have indicated that they are likely to convene hearings on ATS when the new Congress convenes in January. Today's lawsuit cites that pending oversight as an additional reason why DHS must release details about the system on an expedited basis.</p>
<p>For the FOIA complaint filed against the Department of Homeland Security: <br/>
<a href="http://www.eff.org/Privacy/ats/ats_complaint.pdf">http://www.eff.org/Privacy/ats/ats_complaint.pdf</a></p>
<p>For more on the ATS program and other travel screening issues:<br/>
<a href="http://www.eff.org/privacy/travel/">http://www.eff.org/privacy/travel/</a></p>
<p>Contacts:</p>
<p>David Sobel<br/>
Senior Counsel<br/>
Electronic Frontier Foundation<br/>
sobel@eff.org</p>
<p>Marcia Hofmann<br/>
Staff Attorney<br/>
Electronic Frontier Foundation<br/>
marcia@eff.org<br/>
</p>
</div></div></div>Tue, 19 Dec 2006 16:16:33 +0000rebecca61876 at https://www.eff.org Chertoff Shocked(!) at Privacy Uproar Over "Targeting" Systemhttps://www.eff.org/fr/deeplinks/2006/12/chertoff-shocked-privacy-uproar-over-targeting-system
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>In a <a href="http://nationaljournal.com/about/njweekly/stories/2006/1208nj2.htm">fascinating article</a> by Shane Harris in the National Journal, Homeland Security Secretary Michael Chertoff professes great surprise at the public uproar over the <a href="http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cbp_ats.pdf"> Automated Targeting System</a> (ATS). He claims that he has discussed the "collection" and "analysis" of personal data -- including airline Passenger Name Records (PNR) -- "incessantly." The Secretary says that critics of the system -- which assigns "risk assessment" scores to all travelers, including U.S. citizens, and retains them for 40 years -- just haven't been paying attention: </p><blockquote>
<p></p><p>"Yeah, they missed about 100 speeches that I gave," an exasperated Chertoff told National Journal on December 5. "I've talked about... PNR data and biographic data and using it to analyze and connect the dots about people before they come into the country; I have to have given at least 20 speeches about it."</p></blockquote>
<p>Well, many of us <b>have</b> paid attention, and despite our best efforts, we've been unable to learn much about Homeland Security's collection and use of personal data.</p>
<p>Read on for more after the jump.</p>
<p>
As a case in point, let's look at the speech Mr. Chertoff delivered just a few months ago, on September 8, titled <a href="http://www.dhs.gov/xnews/speeches/sp_1158335789871.shtm">September 11: Five Years Later</a>." Yes, it's true that he talked about the collection and analysis of personal information, including PNR data. But he expressed frustration at the current state of those activities:</p><blockquote>
<p></p><p>And my plea in this country, and my plea to the Europeans is this: For God's sake, let us do that before the next 9/11, rather than afterwards. It's much better to be able to do this kind of detective work to stop an attack, rather than to investigate an attack that has already occurred.</p></blockquote>
<p></p><p>And he certainly didn't make it sound as though the U.S. government has been engaging in such data-mining for at least four years (as the Associated Press has <a href="http://news.yahoo.com/s/ap/20061202/ap_on_go_ca_st_pe/traveler_screening_28">reported</a>). Mr. Chertoff continued:</p><blockquote>
<p></p><p>So over the next year, I'm going to be looking forward to working with my European colleagues on building on this kind of information, allowing a full analysis, and still making sure we respect the privacy of those who travel internationally.</p></blockquote>
<p></p><p>In any event, it appears that it wasn't only privacy advocates and members of Congress who were unaware of the ATS data-mining project. In May 2004, the General Accounting Office released a report titled "<a href="http://www.gao.gov/new.items/d04548.pdf">Datamining: Federal Efforts Cover a Wide Range of Uses</a>." The GAO attempted to present a comprehensive survey and defined data-mining as "the application of database technology and techniques -- such as statistical analysis and modeling -- to uncover hidden patterns and subtle relationships in data and to infer rules that allow for the prediction of future results." And the Congressional watchdog agency used a fairly aggressive methodology to avoid missing something of interest, not only surveying agency officials, but also reviewing published materials that described relevant programs.</p>
<p></p><p>The GAO report identified 14 Department of Homeland Security data-mining programs, none of which appear to be at all similar to the Automated Targeting System.</p>
<p></p><p>More recently, on July 6, 2006, the DHS Privacy Office issued a "<a href="http://www.dhs.gov/xlibrary/assets/privacy/privacy_data_%20mining_%20report.pdf">Report to Congress on the Impact of Data Mining Technologies on Privacy and Civil Liberties</a>."</p>
<p></p><p>The report was issued in compliance with the requirements the 2005 DHS appropriation, which directed "the DHS Privacy Officer, in consultation with the head of each Department of Homeland Security agency that is developing or using data-mining technology" to account for and describe any such activities.</p>
<p></p><p>The report identified six DHS programs, and ATS was not among them.</p>
<p></p><p>Finally, in August 2006, the DHS Inspector General's Office released a document titled, "<a href="http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_06-56_Aug06.pdf">Survey of DHS Data Mining Activities</a>." This report <b>did</b> discuss ATS, but certainly not in a way that would raise any privacy flags: "the Automated Targeting System (ATS) . . . uses electronic shipment data to search criteria that could indicate high-risk cargo."</p>
<p></p><p>So we apologize, Mr. Chertoff, for not paying attention when you and your Department "incessantly" tried to alert us to the fact that millions of U.S. citizens were being assigned "risk assessment" scores that will follow us throughout our lives.</p>
<p></p><p>In any case, the Secretary is trying to misdirect the debate by casting the issue as whether or not the program was common knowledge. That's a peripheral question in the greater scheme of things. The <b>really</b> important question is whether DHS has violated the law. There's a growing consensus that it has, and we will address that issue in upcoming posts.</p>
</div></div></div>Sat, 09 Dec 2006 01:15:56 +0000sobel59725 at https://www.eff.orgPrivacyTravel Screening DHS "Targeting" Program Attracts Scrutiny -- Comment Period Still Open!https://www.eff.org/fr/deeplinks/2006/12/dhs-targeting-program-attracts-scrutiny-comment-period-still-open
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The Department of Homeland Security's attempt to quietly assign "risk assessment" scores to tens of milions of law-abiding American citizens (not to mention foreign nationals) may be approaching a roadblock. According to an <a href="http://news.yahoo.com/s/ap/20061202/ap_on_go_ca_st_pe/traveler_screening_28">Associated Press article</a>:</p>
<blockquote><p>Incoming Senate Judiciary Chairman Sen. Patrick Leahy of Vermont pledged greater scrutiny of such government database-mining projects after reading that during the past four years millions of Americans have been evaluated without their knowledge to assess the risks that they are terrorists or criminals.
</p><p>"Data banks like this are overdue for oversight," said Leahy, who will take over Judiciary in January. "That is going to change in the new Congress."</p></blockquote>
<p>EFF sounded the alarm on the Automated Targeting System last week, in a <a href="http://www.eff.org/news/archives/2006_11.php#005030">press release</a> and <a href="http://www.eff.org/Privacy/ats/ats_comments.pdf">formal comments</a> submitted to DHS. The system has now drawn strong criticism from a number of quarters, including the <a href="http://www.aclu.org/privacy/gen/27579prs20061201.html">ACLU</a> and the <a href="http://businesstravelcoalition.com/statements/157.html">Business Travel Coalition</a>.
</p><p>Comments can still be submitted to DHS until midnight ET on December 4 at <a href="http://www.regulations.gov">www.regulations.gov</a>. To submit comments, you must enter the appropriate "keyword or ID," which is DHS-2006-0060-0001 (no, they don't make this easy).</p>
</div></div></div>Mon, 04 Dec 2006 13:26:32 +0000sobel59717 at https://www.eff.orgPrivacyTravel ScreeningAmerican Travelers to Get Secret 'Risk Assessment' Scoreshttps://www.eff.org/fr/press/archives/2006/11/30-0
<div class="field field--name-field-pr-subhead field--type-text field--label-hidden"><div class="field__items"><div class="field__item even"></div></div></div><div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF Fights Huge Data-Mining Program Set for Rollout on U.S. Borders</p>
<p>Washington, D.C. - An invasive and unprecedented data-mining system is set to be deployed on U.S. travelers Monday, despite substantial questions about Americans' privacy. In comments sent to the Department of Homeland Security (DHS) today, the Electronic Frontier Foundation (EFF) asked the agency to delay the program's rollout until it makes more details available to the public and addresses critical privacy and due process concerns.</p>
<p>The Automated Targeting System (ATS) will create and assign "risk assessments" to tens of millions of citizens as they enter and leave the country. Individuals will have no way to access information about their "risk assessment" scores or to correct any false information about them. But once the assessment is made, the government will retain the information for 40 years -- as well as make it available to untold numbers of federal, state, local, and foreign agencies in addition to contractors, grantees, consultants, and others.</p>
<p>"The government is preparing to give millions of law-abiding citizens 'risk assessment' scores that will follow them throughout their lives," said EFF Senior Counsel David Sobel. "If that wasn't frightening enough, none of us will have the ability to know our own score, or to challenge it. Homeland Security needs to delay the deployment of this system and allow for an informed public debate on this dangerous proposal."</p>
<p>Earlier this month, EFF's FLAG Project submitted a Freedom of Information Act (FOIA) request to DHS seeking more details about the ATS data-mining program, but the agency has not yet disclosed the requested information.</p>
<p>For EFF's full comments to DHS:<br/>
<a href="http://www.eff.org/Privacy/ats/ats_comments.pdf">http://www.eff.org/Privacy/ats/ats_comments.pdf</a></p>
<p>For the DHS Federal Register notice announcing ATS:<br/>
<a href="http://edocket.access.gpo.gov/2006/06-9026.htm">http://edocket.access.gpo.gov/2006/06-9026.htm</a></p>
<p>Contact:</p>
<p>David Sobel<br/>
Senior Counsel<br/>
Electronic Frontier Foundation<br/>
sobel@eff.org</p>
</div></div></div>Thu, 30 Nov 2006 16:23:32 +0000rebecca61873 at https://www.eff.org Guardian on the Consequences of Secure Flight and Other Security Theatrehttps://www.eff.org/fr/deeplinks/2006/05/guardian-consequences-secure-flight-and-other-security-theatre
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><a href="http://www.guardian.co.uk/idcards/story/0,,1766266,00.html">In a recent article</a>, the Guardian covers the <a href="http://www.eff.org/Privacy/cappsii/">many</a> <a href="http://www.eff.org/deeplinks/archives/004402.php">privacy</a>-<a href="http://www.eff.org/Privacy/Surveillance/RFID/">invasive</a> initiatives being implemented as part of airport security screening. The journey starts with a seemingly innocous event -- finding another traveler's ticket stub:</p>
<blockquote><p>"If the expert was right, this stub would enable me to access Broer's personal information, including his passport number, date of birth and nationality. It would provide the building blocks for stealing his identity, ruining his future travel plans - and even allow me to fake his passport.</p>
<p>"It would also serve as the perfect tool for demonstrating the chaotic collection, storage and security of personal information gathered as a result of America's near-fanatical desire to collect data on travellers flying to the US - and raise serious questions about the sort of problems we can expect when ID cards are introduced in 2008."</p></blockquote>
</div></div></div>Mon, 08 May 2006 17:21:25 +0000Derek Slater59512 at https://www.eff.orgPrivacyTravel Screening TSA Grounds Secure Flight Program... For Nowhttps://www.eff.org/fr/deeplinks/2006/02/tsa-grounds-secure-flight-program-now
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Citing data security concerns, the TSA on Thursday <a href="http://www.nytimes.com/2006/02/10/politics/10passenger.html">informed</a> a Senate committee that its controversial Secure Flight program would be delayed indefinitely. In written testimony, the Government Accountability Office also noted that Secure Flight "may not be adequately protected against unauthorized access and use or disruption."</p>
<p>The Secure Flight Program, billed as an improvement to the current Computer Assisted Passenger Pre-Screening (CAPPS), has raised enormous privacy and security concerns from the start. Unlike CAPPS, in which airline employees compare passenger information against a government-supplied no-fly list, the Secure Flight program envisions placing that responsibility squarely in the hands of government officials. Since the program was announced, the TSA has been caught repeatedly <a href="http://www.eff.org/deeplinks/archives/003840.php">lying</a> to Congress about its use of information provided by commercial data brokers.</p>
<p>In September, EFF launched an effort to <a href="https://secure.eff.org/site/SPageServer?pagename=ADV_secureflight">uncover </a>the scope of the TSA's use of commercial data, assisting travelers who flew during a "test period" identified by the TSA to request information from the agency under the Freedom of Information Act. EFF continues to review the results of that investigation.</p>
</div></div></div>Fri, 10 Feb 2006 04:44:24 +0000Matt Zimmerman59429 at https://www.eff.orgPrivacyTravel Screening TSA Continues Secure Flight Deceptionhttps://www.eff.org/fr/deeplinks/2005/07/tsa-continues-secure-flight-deception
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Last week, the Government Accountability Office (GAO) <a href="http://www.gao.gov/new.items/d05864r.pdf">reaffirmed</a> [PDF] in a letter to Congress that the Transportation Security Administration (TSA) violated the Privacy Act, <a href="http://www.eff.org/deeplinks/archives/003740.php">lying to the public</a> about collecting and using private data in testing Secure Flight. The letter also reveals that the TSA collected <i>over 100 million</i> records from commercial data providers.</p>
<p>But TSA's deception and privacy-invasive practices don't stop there. According to <a href="http://www.airportbusiness.com/article/article.jsp?id=2830&amp;siteSection=5">an AP story</a>, the TSA plans to test whether commercial data could help find terrorist "sleeper cells." "We are trying to use commercial data to verify the identities of people who fly because we are not going to rely on the watch list," said Justin Oberman, who's in charge of Secure Flight. "If we just rise and fall on the watch list, it's not adequate."</p>
<p>That blatantly contradicts what the TSA previously said about Secure Flight. While its predecessor, CAPPS II, would have mined commercial data to predict who might be a terrorist, Secure Flight was <a href="http://www.eff.org/deeplinks/archives/001856.php">supposed</a> to use the data only to match names to existing watch lists (see the <a href="http://www.gao.gov/new.items/d05356.pdf">March 2005 GAO report</a>; PDF). </p>
</div></div></div>Tue, 26 Jul 2005 17:14:40 +0000Derek Slater59255 at https://www.eff.orgPrivacyTravel Screening The Last Lie for TSA?https://www.eff.org/fr/deeplinks/2005/06/last-lie-tsa
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><a href="http://www.wired.com/">Wired</a> reporter Ryan Singel has a must-read <a href="http://www.secondaryscreening.net/static/archives/2005/06/tsa_lies_could">piece</a> providing an update on the Transportation Security Administration's (TSA) outrageous behavior in testing the fundamentally flawed "Secure Flight" passenger-surveillance program:</p>
<blockquote><p>
Homeland Security officials who defied Congress and misled the public by creating secret files on American citizens while testing a new passenger screening program may have engaged in multiple counts of criminal conduct, and at least one employee has already lied to cover-up the misdeed.</p>
<p>
On Monday, the Transportation Security Administration confirmed allegations that officials running the so-called Secure Flight program violated legally binding promises by secretly sharing and collecting detailed personal data on American citizens from commercial data brokers.</p>
<p>
These announced violations of the Privacy Act add yet another chapter to the increasingly repetitive story of the TSA's sloppy data practices, disregard for the nation's privacy laws, and false statements to the American public, Congress and the media.</p>
<p>
[...]</p>
<p>
TSA officials, including Secure Flight program manager Justin Oberman, are now working furiously behind the scenes, using words like "unsurprising," to downplay the extent of their wrongdoing to Congressional investigators, journalists, and civil liberties groups.</p>
<p>
But the misconduct actually pertains to the crux of earlier official notices that promised that the agency would never get a hold of commercial data during the tests, according to Peter Swire, a law professor and the former top Clinton Administration privacy official.</p>
<p>
"The use of commercial data was the single biggest issue in this system of records," Swire said. "It was at the center of Congressional debate; it was the topic of extended discussion by the agency, and an intentional, systematic violation of that promise is a big deal."</p>
<p>
"This was likely a criminal violation," Swire said. "If the agency can ignore that sort of promise that would undercut the entire Privacy Act."
</p></blockquote>
<p>Indeed it would.</p>
<p>
Here's the <a href="http://www.eff.org/deeplinks/archives/Secure_Flight_SORN_PIA.pdf">smoking gun</a> (PDF) -- a revised Privacy Act "systems of records" notice and a revised privacy impact assessment. </p>
<p>
The most breathtaking privacy violation: TSA massively expanded the scope of the private information collected for testing Secure Flight.</p>
<p></p><p>
TSA had initially said, "Individuals subject to the data collection requirements and processes of Secure Flight are persons who traveled within the United States during June 2004, the pre-selected 30-day period."</p>
<p>
During actual testing, however, TSA's contractor picked 42,000 names from the list of June air travelers, and for each of those names "created up to twenty variations of a person's first and last names" -- meaning that it submitted an extra 240,000 new names to three commercial data brokers (Acxiom, InsightAmerica, and Qsent).</p>
<p>
TSA didn't say how many of these 282,000 names yielded commercial dossiers. But it's clear that personal information about many tens of thousands of people who didn't even fly in June 2004 was turned over.</p>
<p>
Moreover, the commercial data brokers handed over people's Social Security numbers without even being asked; the revised SORN/PIA states: "In some cases the commercial data aggregators provided information that [TSA contractor] EagleForce did not request, such as social security numbers, due to the way the commercial data aggregators packaged their product."</p>
<p>
All of this violates the Privacy Act, under which agencies must give public advance notice of "the existence and character" of any system of records that stores personal information. 5 U.S.C. ? 552a(e)(4). Failure to do so can, in theory, subject agency officers or employees to criminal penalties. 5 U.S.C. ? 552a(i)(2) ("Any officer or employee of any agency who willfully maintains a system of records without meeting the notice requirements of subsection (e)(4) of this section shall be guilty of a misdemeanor and fined not more than $5,000.")</p>
<p>
It should be clear that "commercial data" is the devil's candy for passenger screening true believers, who seem to have vowed that "if only we could get just a few more data points, we'll show them that Secure Flight works."</p>
<p>
This should be TSA's last lie -- and the last time a government agency strips us of our privacy for this disastrous program.</p>
<p>
Previous relevant Deep Links posts:</p>
<ul><li><a href="http://www.eff.org/deeplinks/archives/003699.php">Why Isn't Secure Flight Grounded?</a>
</li><li><a href="http://www.eff.org/deeplinks/archives/003487.php">It's Official: TSA Lied</a>
</li><li><a href="http://blogs.eff.org/deeplinks/archives/001470.php">TSA and CAPPS II - Anatomy of a Cover-Up</a>
</li></ul></div></div></div>Fri, 24 Jun 2005 18:39:44 +0000bankston59210 at https://www.eff.orgPrivacyTravel Screening Why Isn't Secure Flight Grounded?https://www.eff.org/fr/deeplinks/2005/06/why-isnt-secure-flight-grounded
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>This week brought yet another privacy scandal for the Transportation Security Administration's (TSA) fundamentally flawed "Secure Flight" passenger surveillance program. The Department of Homeland Security's (DHS) chief privacy officer, Nuala O' Connor-Kelly, is launching an investigation to find out whether the program broke federal privacy law by hiding from the public the extent to which it has been digging through commercial databases for the private information of innocent Americans.</p>
<p>Secure Flight plans to force airlines and reservations services to hand over your personal travel information in order to match it against the names on secret government "watch lists" to decide whether you're allowed to fly.</p>
<p>Not only does this threaten our freedom to travel, there's no reason to believe the plan will work. In March, the Government Accountability Office (GAO) <a href="http://www.eff.org/deeplinks/archives/GAO_Secure_Flight_2005.pdf">found</a> [PDF] that "the effectiveness of Secure Flight in identifying passengers who should undergo additional security scrutiny has not yet been determined." Last week, another government watchdog group <a>stated</a> [PDF] that the Terrorist Screening Center, which runs the government's central watch list, "could not ensure that the information in that database was complete and accurate." </p>
<p>That puts you and every other passenger at risk of being grounded or made subject to repeated security checks due to information that is false, old, or incomplete.</p>
<p>But that's hardly the worst of it. Airport personnel could squander valuable time and resources on you and other "false positives" instead of focusing on measures that would lower the risk that terrorists could board a plane with weapons or explosives. Trusting "what the computer says" might even lead security officials to overlook danger signs as they wave people through the gate -- decreasing, not increasing, passenger safety.</p>
<p>Unfortunately, TSA has not only persisted in pushing for Secure Flight, it's added insult to injury by repeatedly lying about its use of passengers' private information for testing the program. As we <a href="http://www.eff.org/deeplinks/archives/003487.php">reported</a> in March, a DHS report revealed that TSA misled individuals, the press, and Congress in 2003 and 2004. In addition, in the report we quote above, the GAO determined that Secure Flight failed to meet 9 out of 10 conditions the Office set for giving the program the go-ahead. These conditions included providing adequate protection for passengers' privacy and ensuring the accuracy of the data it would use to classify people as terrorist threats. </p>
<p>Now it appears that TSA may not even have shared the whole story in its federally mandated Privacy Act notices. It's now proposing retroactively changing them, with program director Justin Oberman <a href="http://www.wired.com/news/privacy/0,1848,67875,00.html">reportedly describing</a> the revisions as "unsurprising" and "technical."</p>
<p>"At this point, there's no reason whatsoever for the American public or anyone else -- including the Department of Homeland Security's own privacy officer -- to trust TSA or put faith in Secure Flight," said Lee Tien, EFF's senior privacy attorney. "The idea behind Secure Flight is to spend millions of dollars waiting for bad guys to come to the airport. Meanwhile, all Americans must give up their privacy and civil liberties -- not to mention time -- in order to fly. Maybe the government should spend those Secure Flight dollars on actually looking for the people on the 'no-fly' list."</p>
<p>For additional information, see:</p>
<ul><li>Wired: <a href="http://www.wired.com/news/privacy/0,1848,67875,00.html">Secure Flight Hits Turbulence</a>
</li><li>Bill Scannell's website: <a href="http://unsecureflight.com/">UnsecureFlight.com</a>
</li><li>Previous Deep Links posts: <a href="http://www.eff.org/deeplinks/archives/003487.php">It's Official: TSA Lied</a> and <a href="http://blogs.eff.org/deeplinks/archives/001470.php">TSA and CAPPS II - Anatomy of a Cover-Up</a>
</li></ul></div></div></div>Thu, 16 Jun 2005 19:54:13 +0000Donna Wentworth59203 at https://www.eff.orgPrivacyTravel Screening It's Official: TSA Liedhttps://www.eff.org/fr/deeplinks/2005/03/its-official-tsa-lied
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Two government reports confirm what EFF and other privacy advocacy organizations have <a href="http://www.eff.org/effector/17/15.php#II">long known</a>: the Transportation Security Administration (TSA) lied about its role in using airline passengers as guinea pigs for testing "Secure Flight" - the latest version of a fundamentally flawed passenger-profiling system for screening terrorists. And not only did TSA lie, it lied repeatedly, to everyone.</p>
<p>A <a href="http://www.dhs.gov/interweb/assetlibrary/OIGr-05-12_Mar05.pdf">DHS report</a> [PDF], released this past Friday, reveals that TSA misled individuals, the press, and Congress in 2003 and 2004. A <a href="http://www.gao.gov/new.items/d05356.pdf">GAO report</a> [PDF], released Monday, also shows that Secure Flight has failed to meet 9 out 10 conditions the GAO set for giving the program the go-ahead. These conditions include providing adequate protection for passengers' privacy and ensuring the accuracy of the data it would use to classify people as terrorist risks. </p>
<p>Passenger records contain detailed personal information, such as your name, address, phone number, travel itinerary -- even your credit card number. Yet the DHS report says TSA shared passenger information with outside contractors while neglecting to "inquire whether the data used by the vendors had been returned or destroyed."</p>
<p>"This is worse than ChoicePoint," says EFF Senior Privacy Attorney Lee Tien. "It reflects an attitude toward the privacy of Americans that falls well below what people are up in arms about in the commercial data industry. These people have a public trust and they're abusing it." </p>
<p>For additional information, see Bruce Schneier's <a href="http://www.schneier.com/blog/archives/2005/03/gaos_report_on.html">GAO's Report on Secure Flight</a>; for background, see <a href="http://blogs.eff.org/deeplinks/archives/001470.php">TSA and CAPPS II -- Anatomy of a Cover Up</a>. </p>
<p>[Note: This report was corrected to distinguish between two separate reports on Secure Flight.] </p>
</div></div></div>Thu, 31 Mar 2005 15:55:00 +0000Donna Wentworth59161 at https://www.eff.orgPrivacyTravel Screening 9/11 Legislation Launches Misguided Data-Mining and Domestic Surveillance Schemeshttps://www.eff.org/fr/deeplinks/2004/12/9-11-legislation-launches-misguided-data-mining-and-domestic-surveillance-schemes
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>On Friday President Bush signed into law the Intelligence Reform and Terrorism Prevention Act of 2004 (<a href="http://news.findlaw.com/usatoday/docs/terrorism/irtpa2004.pdf">IRTPA</a>; PDF), launching several flawed "security" schemes that EFF has long opposed. The media has focused on turf wars between the intelligence and defense communities, but the real story is how IRTPA trades basic rights for the illusion of security. For instance:</p>
<p><b>~ Section 1016 - a.k.a. "TIA II" ~</b></p>
<p>A clause authorizing the creation of a massive "Information Sharing Environment" (ISE) to link "all appropriate Federal, State, local, and tribal entities, and the private sector."</p>
<p>This vast network links the information in public and private databases, which poses the same kind of threat to our privacy and freedom that the notorious Terrorism Information Awareness (TIA) program did. Yet the IRTPA contains no meaningful safeguards against unchecked data mining other than directing the President to issue guidelines. It also includes a definition of "terrorist information" that is frighteningly broad.</p>
<p><b>~ Section 4012 and Sections 7201-7220 - a.k.a. "CAPPS III" ~</b></p>
<p>A number of provisions that provide the statutory basis for "<a href="http://www.eff.org/effector/17/35.php#I">Secure Flight</a>," the government's third try at a controversial passenger-screening system that has consistently failed to pass muster for protecting passenger privacy.</p>
<p>The basic concept: the government will force commercial air carriers to hand over your private travel information and compare it with a "consolidated and integrated terrorist watchlist." It will also establish a massive "counterterrorist travel intelligence" infrastructure that calls for travel data mining ("recognition of travel patterns, tactics, and behavior exhibited by terrorists").</p>
<p>It's not clear how the government would use the travel patterns of millions of Americans to catch the small number of individuals worldwide who are planning terrorist attacks. In fact, this approach has been <a href="http://www.schneier.com/essay-052.html">thoroughly debunked</a> by security experts. What is clear is that the system will create fertile ground for constitutional violations and the abuse of private information. The latest Privacy Act notice on Secure Flight shows that the Transportation Security Administration (TSA) still doesn't have a plan for how long the government will keep your private information, nor has it mapped out adequate procedures for correcting your "file" if you are wrongly flagged as a terrorist.</p>
<p><b>~ Section 6001 - a.k.a. "PATRIOT III" ~</b></p>
<p>Straight from the infamous "PATRIOT II" draft legislation leaked to the public last year comes a provision that allows the government to use secret foreign intelligence warrants and wiretap orders against people unconnected to any international terrorist group or foreign nation. This represents yet another step in the ongoing destruction of even the most basic legal protections for those the government suspects are terrorists. </p>
<p><b>~ Sections 7208-7220 - a.k.a. "Papers, Please" ~</b></p>
<p>Just as EFF, the ACLU, and a number of other civil liberties groups <a href="http://action.eff.org/siteapps/advocacy/index.aspx?c=esJNJ5OWF&amp;b=124605&amp;ievent=59502&amp;action=1248&amp;template=x%2Eascx">feared</a>, IRTPA creates the basis for a de facto national ID system using biometrics. Driven by misguided political consensus, the law calls for a "global standard of identification" and minimum national standards for birth certificates, driver's licenses and state ID cards, and social security cards and numbers. It also directs the Secretary of Homeland Security to establish new standards for ID for domestic air travelers. </p>
<p>Identification is not security. Indeed, the 9/11 Commission report revealed that a critical stumbling block in identifying foreign terrorists is the inability to evaluate *foreign* information and records. Yet we are placing disproportionate emphasis on pervasive domestic surveillance, opening the door to a standardized "internal passport" -- the hallmark of a totalitarian regime. </p>
<p>If you care about preserving your privacy and basic consitutional freedoms, help us fight the good fight by <a href="https://secure.eff.org/">joining EFF today</a>. </p>
</div></div></div>Mon, 20 Dec 2004 17:29:29 +0000Donna Wentworth59098 at https://www.eff.orgPATRIOT ActPrivacyTravel Screening